PostNuke version 0.726, and possibly earlier releases, are open to SQL injection and cross site scripting attacks due to a lack of proper parameter sanitizing.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/32475/01032004.html
Source: https://packetstormsecurity.com/files/32475/01032004.html.html