Cross-site scripting (XSS) vulnerability in Default.aspx in Perpetual Motion Interactive Systems DotNetNuke before 3.3.5, and 4.x before 4.3.5, allows remote attackers to inject arbitrary HTML via the error parameter.
References
Link | Resource |
---|---|
http://secunia.com/advisories/22051 | |
http://www.dotnetnuke.com/About/WhatIsDotNetNuke/SecurityPolicy/SecurityBulletinno3/tabid/990/Default.aspx | Patch Vendor Advisory |
http://www.secureshapes.com/advisories/vuln20-09-2006.htm | Exploit Patch Vendor Advisory URL Repurposed |
http://www.securityfocus.com/bid/20117 | Exploit |
http://www.vupen.com/english/advisories/2006/3734 | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/29048 |
Configurations
Configuration 1 (hide)
|
History
14 Feb 2024, 01:17
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) http://www.secureshapes.com/advisories/vuln20-09-2006.htm - Exploit, Patch, Vendor Advisory, URL Repurposed |
Information
Published : 2006-09-25 01:07
Updated : 2024-02-28 11:01
NVD link : CVE-2006-4973
Mitre link : CVE-2006-4973
CVE.ORG link : CVE-2006-4973
JSON object : View
Products Affected
dotnetnuke
- dotnetnuke
CWE