Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-6644

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2008-6644
Last Modified 23 Apr 2009 01:57:38
Published 07 Apr 2009 10:17:17
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-6644

Summary

Cross-site scripting (XSS) vulnerability in Default.aspx in DotNetNuke 4.8.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.

Vulnerable Systems

Application

  • Dotnetnuke 1.0.10d

  • Dotnetnuke 1.0.10e

  • Dotnetnuke 1.0.6

  • Dotnetnuke 1.0.7

  • Dotnetnuke 1.0.8

  • Dotnetnuke 1.0.9

  • Dotnetnuke 2.1.1

  • Dotnetnuke 2.1.2

  • Dotnetnuke 3.0.11

  • Dotnetnuke 3.0.7

  • Dotnetnuke 3.0.8

  • Dotnetnuke 3.1.0

  • Dotnetnuke 3.3.5

  • Dotnetnuke 4.0

  • Dotnetnuke 4.3.5

  • Dotnetnuke 4.5.2

  • Dotnetnuke 4.8.1

  • Dotnetnuke 4.8.2

  • Dotnetnuke 4.8.3


References

XF - dotnetnuke-pathinfo-xss(42752)

BID - 29437

BUGTRAQ - 20080530 Dot Net Nuke (DNN) <= 4.8.3 XSS Vulnerability

CONFIRM - http://www.dotnetnuke.com/News/SecurityPolicy/SecurityBulletinno19/tabid/1166/Default.aspx

SECUNIA - 30617


Last Updated: 27 May 2016 10:49:16