CVE-2005-0616 - Parturient Package

Description

Multiple cross-site scripting (XSS) vulnerabilities in the Download module for PostNuke 0.750 and 0.760-RC2 allow remote attackers to inject arbitrary web script or HTML via the (1) Program name (2) File link (3) Author name (4) Author e-mail address (5) File size (6) Version or (7) Home page variables.

Reference

http://news.postnuke.com/Article2669.html http://securitytracker.com/id?1013324 http://marc.info/?l=bugtraq&m=110962768300373&w=2