Postnuke Software Foundation : Security Vulnerabilities, CVEs, Published In 2001
Cross-site scripting (XSS) vulnerability in user.php in PostNuke 0.64 allows remote attackers to inject arbitrary web script or HTML via the uname parameter.
Max CVSS
2.6
EPSS Score
0.29%
Published
2001-12-31
Updated
2008-09-10
SQL injection vulnerability in article.php in PostNuke 0.62 through 0.64 allows remote attackers to bypass authentication via the user parameter.
Max CVSS
7.5
EPSS Score
0.28%
Published
2001-10-13
Updated
2017-07-11
PHP-Nuke 5.1 stores user and administrator passwords in a base-64 encoded cookie, which could allow remote attackers to gain privileges by stealing or sniffing the cookie and decoding it.
Max CVSS
7.5
EPSS Score
1.14%
Published
2001-11-21
Updated
2017-12-19
3 vulnerabilities found