Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-6732

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2008-6732
Last Modified 15 Aug 2009 01:18:46
Published 21 Apr 2009 02:30:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-6732

Summary

Cross-site scripting (XSS) vulnerability in the Language skin object in DotNetNuke before 4.8.4 allows remote attackers to inject arbitrary web script or HTML via "newly generated paths."

Vulnerable Systems

Application

  • Dotnetnuke 1.0.10d

  • Dotnetnuke 1.0.10e

  • Dotnetnuke 1.0.6

  • Dotnetnuke 1.0.7

  • Dotnetnuke 1.0.8

  • Dotnetnuke 1.0.9

  • Dotnetnuke 2.1.1

  • Dotnetnuke 2.1.2

  • Dotnetnuke 3.0.11

  • Dotnetnuke 3.0.7

  • Dotnetnuke 3.0.8

  • Dotnetnuke 3.1.0

  • Dotnetnuke 3.3.5

  • Dotnetnuke 4.0

  • Dotnetnuke 4.3.5

  • Dotnetnuke 4.5.2

  • Dotnetnuke 4.5.4

  • Dotnetnuke 4.5.5

  • Dotnetnuke 4.6.0

  • Dotnetnuke 4.6.1

  • Dotnetnuke 4.6.2

  • Dotnetnuke 4.7.0

  • Dotnetnuke 4.8.0

  • Dotnetnuke 4.8.1

  • Dotnetnuke 4.8.2

  • Dotnetnuke 4.8.3


References

XF - dotnetnuke-lso-xss(43030)

BID - 29686

OSVDB - 46322

CONFIRM - http://www.dotnetnuke.com/News/SecurityPolicy/SecurityBulletinno20/tabid/1167/Default.aspx

SECUNIA - 30617


Last Updated: 27 May 2016 10:49:18