Cross-site scripting (XSS) vulnerability in Default.aspx in Perpetual Motion Interactive Systems DotNetNuke before 3.3.5, and 4.x before 4.3.5, allows remote attackers to inject arbitrary HTML via the error parameter.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Dotnetnuke | Dnnsoftware | 1.0.6 (including) | 1.0.6 (including) |
| Dotnetnuke | Dnnsoftware | 1.0.7 (including) | 1.0.7 (including) |
| Dotnetnuke | Dnnsoftware | 1.0.8 (including) | 1.0.8 (including) |
| Dotnetnuke | Dnnsoftware | 1.0.9 (including) | 1.0.9 (including) |
| Dotnetnuke | Dnnsoftware | 1.0.10d (including) | 1.0.10d (including) |
| Dotnetnuke | Dnnsoftware | 1.0.10e (including) | 1.0.10e (including) |
| Dotnetnuke | Dnnsoftware | 2.1.1 (including) | 2.1.1 (including) |
| Dotnetnuke | Dnnsoftware | 2.1.2 (including) | 2.1.2 (including) |
| Dotnetnuke | Dnnsoftware | 3.0.7 (including) | 3.0.7 (including) |
| Dotnetnuke | Dnnsoftware | 3.0.8 (including) | 3.0.8 (including) |
| Dotnetnuke | Dnnsoftware | 3.1.0 (including) | 3.1.0 (including) |
| Dotnetnuke | Dnnsoftware | 4.0 (including) | 4.0 (including) |
References
- http://secunia.com/advisories/22051
- http://www.dotnetnuke.com/About/WhatIsDotNetNuke/SecurityPolicy/SecurityBulletinno3/tabid/990/Default.aspx
- http://www.secureshapes.com/advisories/vuln20-09-2006.htm
- http://www.securityfocus.com/bid/20117
- http://www.vupen.com/english/advisories/2006/3734
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29048
- http://secunia.com/advisories/22051
- http://www.dotnetnuke.com/About/WhatIsDotNetNuke/SecurityPolicy/SecurityBulletinno3/tabid/990/Default.aspx
- http://www.secureshapes.com/advisories/vuln20-09-2006.htm
- http://www.securityfocus.com/bid/20117
- http://www.vupen.com/english/advisories/2006/3734
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29048