CVE-2006-4973

Cross-site scripting (XSS) vulnerability in Default.aspx in Perpetual Motion Interactive Systems DotNetNuke before 3.3.5, and 4.x before 4.3.5, allows remote attackers to inject arbitrary HTML via the error parameter.

Published: Sep 25, 2006
Updated: Apr 13, 2023
CVE: CVE-2006-4973
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
dotnetnuke / dotnetnuke	2.1.1	2.1.1.x
dotnetnuke / dotnetnuke	1.0.10e	1.0.10e.x
dotnetnuke / dotnetnuke	1.0.10d	1.0.10d.x
dotnetnuke / dotnetnuke	1.0.7	1.0.7.x
dotnetnuke / dotnetnuke	1.0.8	1.0.8.x
dotnetnuke / dotnetnuke	1.0.6	1.0.6.x
dotnetnuke / dotnetnuke	1.0.9	1.0.9.x
dotnetnuke / dotnetnuke	3.0.8	3.0.8.x
dotnetnuke / dotnetnuke	2.1.2	2.1.2.x
dotnetnuke / dotnetnuke	4.0	4.0.x
dotnetnuke / dotnetnuke	3.0.7	3.0.7.x
dotnetnuke / dotnetnuke	3.1.0	3.1.0.x

http://secunia.com/advisories/22051
http://www.dotnetnuke.com/About/WhatIsDotNetNuke/SecurityPolicy/SecurityBulletinno3/tabid/990/Default.aspx
http://www.secureshapes.com/advisories/vuln20-09-2006.htm
http://www.securityfocus.com/bid/20117
http://www.vupen.com/english/advisories/2006/3734
https://exchange.xforce.ibmcloud.com/vulnerabilities/29048

Vulnerability Database

CVE-2006-4973

Deep Security Visibility Without the Complexity