Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-6733

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2008-6733
Last Modified 15 Aug 2009 01:18:46
Published 21 Apr 2009 02:30:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-6733

Summary

Cross-site scripting (XSS) vulnerability in the error handling page in DotNetNuke 4.6.2 through 4.8.3 allows remote attackers to inject arbitrary web script or HTML via the querystring parameter.

Vulnerable Systems

Application

  • Dotnetnuke 4.6.2

  • Dotnetnuke 4.8.1

  • Dotnetnuke 4.8.2

  • Dotnetnuke 4.8.3


References

XF - dotnetnuke-errorpage-xss(43026)

BID - 29686

OSVDB - 46323

CONFIRM - http://www.dotnetnuke.com/News/SecurityPolicy/SecurityBulletinno18/tabid/1165/Default.aspx

SECUNIA - 30617


Last Updated: 27 May 2016 10:49:18