{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the Downloads module in PostNuke up to 0.726, and possibly later versions, allows remote attackers to inject arbitrary HTML and web script via the ttitle parameter in a viewdownloaddetails action."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2007-11-14T02:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "1008629", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1008629"}, {"name": "20040102 PostNuke Issues (0.726 && Possibly Older)", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2004-01/0015.html"}, {"tags": ["x_refsource_MISC"], "url": "http://www.gulftech.org/01032004.php"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-2752", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in the Downloads module in PostNuke up to 0.726, and possibly later versions, allows remote attackers to inject arbitrary HTML and web script via the ttitle parameter in a viewdownloaddetails action."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "1008629", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1008629"}, {"name": "20040102 PostNuke Issues (0.726 && Possibly Older)", "refsource": "BUGTRAQ", "url": "http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2004-01/0015.html"}, {"name": "http://www.gulftech.org/01032004.php", "refsource": "MISC", "url": "http://www.gulftech.org/01032004.php"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-08T01:36:25.312Z"}, "title": "CVE Program Container", "references": [{"name": "1008629", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1008629"}, {"name": "20040102 PostNuke Issues (0.726 && Possibly Older)", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2004-01/0015.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.gulftech.org/01032004.php"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-2752", "datePublished": "2007-11-14T02:00:00Z", "dateReserved": "2007-11-13T00:00:00Z", "dateUpdated": "2024-09-17T02:21:24.091Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:postnuke_software_foundation:postnuke:0.726:*:*:*:*:*:*:*", "matchCriteriaId": "EED5E57D-A2EA-43C7-A29B-537FDE0656A2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the Downloads module in PostNuke up to 0.726, and possibly later versions, allows remote attackers to inject arbitrary HTML and web script via the ttitle parameter in a viewdownloaddetails action."}], "id": "CVE-2004-2752", "lastModified": "2025-04-03T01:03:51.193", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2004-12-31T05:00:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://securitytracker.com/id?1008629"}, {"source": "cve@mitre.org", "url": "http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2004-01/0015.html"}, {"source": "cve@mitre.org", "url": "http://www.gulftech.org/01032004.php"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://securitytracker.com/id?1008629"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2004-01/0015.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.gulftech.org/01032004.php"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}