Intrusion Prevention

PHP.PostNuke.TTitle.XSS

Description

It indicates a Cross Site Scripting Attack against PostNuke. The PHP PostNuke is vulnerable to a Cross Site Scripting attack that could lead to arbitrary code execution. The Downloads and Web_Link modules contain bugs that allow an attacker to construct a link with script code that could be executed by the user.

Affected Products

PostNuke Development Team PostNuke Phoenix 0.726 and earlier versions.

Impact

Theft of authentication cookies.

Recommended Actions

Apply appropriate patch from the vendor http://www.securityfocus.com/bid/8374/solution