|
|
CVE Reference: CVE-2006-0800 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2006-0800 |
|
|
Description: Interpretation conflict in PostNuke 0.761 and earlier allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML tags with a trailing "<" character, which is interpreted as a ">" character by some web browsers but bypasses the blacklist protection in (1) the pnVarCleanFromInput function in pnAPI.php, (2) the pnSecureInput function in pnAntiCracker.php, and (3) the htmltext parameter in an edituser operation to user.php. |
|
|
CVE Status: Candidate |
|
|
References: XF http://xforce.iss.net/xforce/xfdb/24823 SREASON http://securityreason.com/securityalert/454 SAID Secunia Advisory: SA18937 MISC http://securityreason.com/securityalert/454 FULLDISC http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0469.html CONFIRM http://news.postnuke.com/index.php?name=News&file=article&sid=2754 BID 16752 |
|
| Return to the previous page. |
