Summary
The remote host is running a version of Post-Nuke which contains the 'News' module which itself is vulnerable to a cross site scripting issue.
An attacker may use these flaws to steal the cookies of the legitimate users of this web site.
Solution
Upgrade to the latest version of postnuke
Severity
Classification
-
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- Apache Struts CookBook/Examples Multiple Cross-Site Scripting Vulnerabilities
- Apache Tomcat source.jsp malformed request information disclosure
- Advantech WebAccess Multiple Stack Based Buffer Overflow Vulnerabilities
- A4Desk Event Calendar 'eventid' Parameter SQL Injection Vulnerability
- 3Com NBX VoIP NetSet Detection