CVE-2006-4973
Cross-site scripting (XSS) vulnerability in Default.aspx in Perpetual Motion Interactive Systems DotNetNuke before 3.3.5, and 4.x before 4.3.5, allows remote attackers to inject arbitrary HTML via the error parameter.
| Software | From | Fixed in |
|---|---|---|
| dotnetnuke / dotnetnuke | 2.1.1 | 2.1.1.x |
| dotnetnuke / dotnetnuke | 1.0.10e | 1.0.10e.x |
| dotnetnuke / dotnetnuke | 1.0.10d | 1.0.10d.x |
| dotnetnuke / dotnetnuke | 1.0.7 | 1.0.7.x |
| dotnetnuke / dotnetnuke | 1.0.8 | 1.0.8.x |
| dotnetnuke / dotnetnuke | 1.0.6 | 1.0.6.x |
| dotnetnuke / dotnetnuke | 1.0.9 | 1.0.9.x |
| dotnetnuke / dotnetnuke | 3.0.8 | 3.0.8.x |
| dotnetnuke / dotnetnuke | 2.1.2 | 2.1.2.x |
| dotnetnuke / dotnetnuke | 4.0 | 4.0.x |
| dotnetnuke / dotnetnuke | 3.0.7 | 3.0.7.x |
| dotnetnuke / dotnetnuke | 3.1.0 | 3.1.0.x |
- http://secunia.com/advisories/22051
- http://www.dotnetnuke.com/About/WhatIsDotNetNuke/SecurityPolicy/SecurityBulletinno3/tabid/990/Default.aspx
- http://www.secureshapes.com/advisories/vuln20-09-2006.htm
- http://www.securityfocus.com/bid/20117
- http://www.vupen.com/english/advisories/2006/3734
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29048
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime