Interpretation conflict in PostNuke 0.761 and earlier allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML tags with a trailing "<" character, which is interpreted as a ">" character by some web browsers but bypasses the blacklist protection in (1) the pnVarCleanFromInput function in pnAPI.php, (2) the pnSecureInput function in pnAntiCracker.php, and (3) the htmltext parameter in an edituser operation to user.php.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2006-02-20T22:00:00
Updated: 2024-08-07T16:48:56.198Z
Reserved: 2006-02-20T00:00:00
Link: CVE-2006-0800
Vulnrichment
No data.
NVD
Status : Modified
Published: 2006-02-20T22:02:00.000
Modified: 2024-11-21T00:07:22.183
Link: CVE-2006-0800
Redhat
No data.