NVD脆弱性詳細

CVE-2006-0800

概要	Interpretation conflict in PostNuke 0.761 and earlier allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML tags with a trailing "<" character, which is interpreted as a ">" character by some web browsers but bypasses the blacklist protection in (1) the pnVarCleanFromInput function in pnAPI.php, (2) the pnSecureInput function in pnAntiCracker.php, and (3) the htmltext parameter in an edituser operation to user.php.
公表日	2006年2月21日7:02
登録日	2021年1月29日15:32
最終更新日	2017年7月20日10:30

影響を受けるソフトウェアの構成

構成1	以上	以下	より上	未満
cpe:2.3:a:postnuke_software_foundation:postnuke:0.7:::::::*
cpe:2.3:a:postnuke_software_foundation:postnuke:0.62:::::::*
cpe:2.3:a:postnuke_software_foundation:postnuke:0.63:::::::*
cpe:2.3:a:postnuke_software_foundation:postnuke:0.64:::::::*
cpe:2.3:a:postnuke_software_foundation:postnuke:0.70:::::::*
cpe:2.3:a:postnuke_software_foundation:postnuke:0.71:::::::*
cpe:2.3:a:postnuke_software_foundation:postnuke:0.72:::::::*
cpe:2.3:a:postnuke_software_foundation:postnuke:0.73:::::::*
cpe:2.3:a:postnuke_software_foundation:postnuke:0.74:::::::*
cpe:2.3:a:postnuke_software_foundation:postnuke:0.75:::::::*
cpe:2.3:a:postnuke_software_foundation:postnuke:0.75_rc3:::::::*
cpe:2.3:a:postnuke_software_foundation:postnuke:0.76_rc4:::::::*
cpe:2.3:a:postnuke_software_foundation:postnuke:0.76_rc4a:::::::*
cpe:2.3:a:postnuke_software_foundation:postnuke:0.76_rc4b:::::::*
cpe:2.3:a:postnuke_software_foundation:postnuke:0.703:::::::*
cpe:2.3:a:postnuke_software_foundation:postnuke:0.721:::::::*
cpe:2.3:a:postnuke_software_foundation:postnuke:0.726.3:::::::*
cpe:2.3:a:postnuke_software_foundation:postnuke:0.761:::::::*
cpe:2.3:a:postnuke_software_foundation:postnuke:0.761a:::::::*

関連情報、対策とツール

No	URL	refsource	タグ
1	http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0469.html	FULLDISC
2	http://news.postnuke.com/index.php?name=News&file=article&sid=2754	CONFIRM	Patch
3	http://secunia.com/advisories/18937	SECUNIA	Patch Vendor Advisory
4	http://securityreason.com/securityalert/454	SREASON
5	http://www.securityfocus.com/bid/16752	BID	Exploit Patch
6	http://www.vupen.com/english/advisories/2006/0673	VUPEN	Vendor Advisory
7	https://exchange.xforce.ibmcloud.com/vulnerabilities/24823	XF

共通脆弱性一覧

No	CWE	名前	URL
1	CWE-79	クロスサイト・スクリプティング（XSS）	https://cwe.mitre.org/data/definitions/79.html

構成1	以上	以下	より上	未満
cpe:2.3:a:postnuke_software_foundation:postnuke:0.7:::::::*
cpe:2.3:a:postnuke_software_foundation:postnuke:0.62:::::::*
cpe:2.3:a:postnuke_software_foundation:postnuke:0.63:::::::*
cpe:2.3:a:postnuke_software_foundation:postnuke:0.64:::::::*
cpe:2.3:a:postnuke_software_foundation:postnuke:0.70:::::::*
cpe:2.3:a:postnuke_software_foundation:postnuke:0.71:::::::*
cpe:2.3:a:postnuke_software_foundation:postnuke:0.72:::::::*
cpe:2.3:a:postnuke_software_foundation:postnuke:0.73:::::::*
cpe:2.3:a:postnuke_software_foundation:postnuke:0.74:::::::*
cpe:2.3:a:postnuke_software_foundation:postnuke:0.75:::::::*
cpe:2.3:a:postnuke_software_foundation:postnuke:0.75_rc3:::::::*
cpe:2.3:a:postnuke_software_foundation:postnuke:0.76_rc4:::::::*
cpe:2.3:a:postnuke_software_foundation:postnuke:0.76_rc4a:::::::*
cpe:2.3:a:postnuke_software_foundation:postnuke:0.76_rc4b:::::::*
cpe:2.3:a:postnuke_software_foundation:postnuke:0.703:::::::*
cpe:2.3:a:postnuke_software_foundation:postnuke:0.721:::::::*
cpe:2.3:a:postnuke_software_foundation:postnuke:0.726.3:::::::*
cpe:2.3:a:postnuke_software_foundation:postnuke:0.761:::::::*
cpe:2.3:a:postnuke_software_foundation:postnuke:0.761a:::::::*