Arbitrary HTML and Script Injection in PostNuke Downloads Module

Arbitrary HTML and Script Injection in PostNuke Downloads Module

CVE-2004-2752 · MEDIUM Severity

AV:N/AC:M/AU:N/C:N/I:P/A:N

Cross-site scripting (XSS) vulnerability in the Downloads module in PostNuke up to 0.726, and possibly later versions, allows remote attackers to inject arbitrary HTML and web script via the ttitle parameter in a viewdownloaddetails action.

Learn more about our Web App Pen Testing.