漏洞信息详情
PostNuke跨站脚本攻击漏洞
- CNNVD编号:CNNVD-200602-309 <!--
- 危害等级: 低危-->
- 危害等级: 低危
- CVE编号: CVE-2006-0802
- 漏洞类型: 跨站脚本
- 发布时间: 2006-02-20
- 威胁类型: 远程
- 更新时间: 2006-04-07
- 厂 商: postnuke_software_foundation
- 漏洞来源: Maksymilian Arciem...
-
漏洞简介
PostNuke 0.761及之前版本的NS-Languages模块中存在跨站脚本攻击(XSS)漏洞。在启用了magic_quotes_gpc时,远程攻击者可以借助缺失或翻译操作中的language参数注入任意Web脚本或HTML。
漏洞公告
目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:
PostNuke Development Team PostNuke 0.62
PostNuke Development Team PostNuke 0.762.tar.gz
http://news.postnuke.com/Downloads-req-getit-lid-517.html
PostNuke Development Team PostNuke 0.63
PostNuke Development Team PostNuke 0.762.tar.gz
http://news.postnuke.com/Downloads-req-getit-lid-517.html
PostNuke Development Team PostNuke 0.64
PostNuke Development Team PostNuke 0.762.tar.gz
http://news.postnuke.com/Downloads-req-getit-lid-517.html
PostNuke Development Team PostNuke 0.7
PostNuke Development Team PostNuke 0.762.tar.gz
http://news.postnuke.com/Downloads-req-getit-lid-517.html
PostNuke Development Team PostNuke 0.70
PostNuke Development Team PostNuke 0.762.tar.gz
http://news.postnuke.com/Downloads-req-getit-lid-517.html
PostNuke Development Team PostNuke 0.703
PostNuke Development Team PostNuke 0.762.tar.gz
http://news.postnuke.com/Downloads-req-getit-lid-517.html
PostNuke Development Team PostNuke 0.71
PostNuke Development Team PostNuke 0.762.tar.gz
http://news.postnuke.com/Downloads-req-getit-lid-517.html
PostNuke Development Team PostNuke 0.72
PostNuke Development Team PostNuke 0.762.tar.gz
http://news.postnuke.com/Downloads-req-getit-lid-517.html
PostNuke Development Team PostNuke 0.721
PostNuke Development Team PostNuke 0.762.tar.gz
http://news.postnuke.com/Downloads-req-getit-lid-517.html
PostNuke Development Team PostNuke 0.726 -3
PostNuke Development Team PostNuke 0.762.tar.gz
http://news.postnuke.com/Downloads-req-getit-lid-517.html
PostNuke Development Team PostNuke 0.73
PostNuke Development Team PostNuke 0.762.tar.gz
http://news.postnuke.com/Downloads-req-getit-lid-517.html
PostNuke Development Team PostNuke 0.74
PostNuke Development Team PostNuke 0.762.tar.gz
http://news.postnuke.com/Downloads-req-getit-lid-517.html
PostNuke Development Team PostNuke 0.75
PostNuke Development Team PostNuke 0.762.tar.gz
http://news.postnuke.com/Downloads-req-getit-lid-517.html
PostNuke Development Team PostNuke 0.75 -RC3
PostNuke Development Team PostNuke 0.762.tar.gz
http://news.postnuke.com/Downloads-req-getit-lid-517.html
PostNuke Development Team PostNuke 0.76 RC4
ostNuke Development Team PostNuke 0.762.tar.gz
http://news.postnuke.com/Downloads-req-getit-lid-517.html
PostNuke Development Team PostNuke 0.76 RC4b
PostNuke Development Team PostNuke 0.762.tar.gz
http://news.postnuke.com/Downloads-req-getit-lid-517.html
PostNuke Development Team PostNuke 0.76 RC4a
PostNuke Development Team PostNuke 0.762.tar.gz
http://news.postnuke.com/Downloads-req-getit-lid-517.html
Cisco Aironet 340 BR340 Firmware 0.761 a
PostNuke Development Team PostNuke 0.762.tar.gz
http://news.postnuke.com/Downloads-req-getit-lid-517.html
Cisco Aironet 340 BR340 Firmware 0.761
PostNuke Development Team PostNuke 0.762.tar.gz
http://news.postnuke.com/Downloads-req-getit-lid-517.html
参考网址
来源: XF
名称: postnuke-user-nslanguages-xss(24823)
链接:http://xforce.iss.net/xforce/xfdb/24823
来源: BID
名称: 16752
链接:http://www.securityfocus.com/bid/16752
来源: VUPEN
名称: ADV-2006-0673
链接:http://www.frsirt.com/english/advisories/2006/0673
来源: SREASON
名称: 454
链接:http://securityreason.com/securityalert/454
来源: SECUNIA
名称: 18937
链接:http://secunia.com/advisories/18937
来源: news.postnuke.com
链接:http://news.postnuke.com/index.php?name=News&file=article&sid=2754
来源: FULLDISC
名称: 20060219 Multiple vulnerabilities in PostNuke
链接:http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0469.html
受影响实体
- Postnuke_software_foundation Postnuke:0.761<!--2000-1-1-->
补丁
暂无
还没有评论,来说两句吧...