Vulnerability Description
Cross-site scripting (XSS) vulnerability in the Downloads module in PostNuke up to 0.726, and possibly later versions, allows remote attackers to inject arbitrary HTML and web script via the ttitle parameter in a viewdownloaddetails action.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Postnuke Software Foundation | Postnuke | 0.726 |
Related Weaknesses (CWE)
References
- http://securitytracker.com/id?1008629Patch
- http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2004-01/0015.html
- http://www.gulftech.org/01032004.php
- http://securitytracker.com/id?1008629Patch
- http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2004-01/0015.html
- http://www.gulftech.org/01032004.php
FAQ
What is CVE-2004-2752?
CVE-2004-2752 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Cross-site scripting (XSS) vulnerability in the Downloads module in PostNuke up to 0.726, and possibly later versions, allows remote attackers to inject arbitrary HTML and web script via the ttitle pa...
How severe is CVE-2004-2752?
CVE-2004-2752 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-2752?
Check the references section above for vendor advisories and patch information. Affected products include: Postnuke Software Foundation Postnuke.