Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in PostNuke 0.726 allows remote attackers to inject arbitrary web script or HTML via the (1) lid and query parameters to the Downloads module, (2) query parameter to the Web_links module, or (3) hlpfile parameter to openwindow.php.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
PostNuke Pheonix多个跨站脚本及路径泄露漏洞
Vulnerability Description
PHP-Nuke是一个广为流行的网站创建和管理工具,它可以使用很多数据库软件作为后端,比如MySQL、PostgreSQL、mSQL、Interbase、Sybase等。 PHP-Nuke包含的Pheonix模块存在多个输入过滤问题,远程攻击者可以利用这些漏洞获得敏感信息。 直接请求"/includes/blocks/"和"pnadodb"目录下的脚本,可泄露路径敏感信息。 另外openwindow.php脚本中的Downloads和Web_links模块存在多个跨站脚本问题,可导致攻击者构建恶意链接,诱
CVSS Information
N/A
Vulnerability Type
N/A