CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS
Percentile
58.8%
A cross-site scripting vulnerability is present in the
PostNuke PHP content management system. By passing data
injected through exploitable errors in input validation, an
attacker can insert code which will run on the machine of
anybody viewing the page. It is feasible that this attack
could be used to retrieve session information from cookies,
thereby allowing the attacker to gain administrative access
to the CMS.