Vulnerabilities > CVE-2006-4973 - Unspecified vulnerability in Dotnetnuke
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN dotnetnuke
exploit available
Summary
Cross-site scripting (XSS) vulnerability in Default.aspx in Perpetual Motion Interactive Systems DotNetNuke before 3.3.5, and 4.x before 4.3.5, allows remote attackers to inject arbitrary HTML via the error parameter.
Vulnerable Configurations
Exploit-Db
| description | DotNetNuke 4.0 HTML Injection Vulnerability. CVE-2006-4973. Webapps exploit for asp platform |
| id | EDB-ID:28615 |
| last seen | 2016-02-03 |
| modified | 2006-09-17 |
| published | 2006-09-17 |
| reporter | Secure Shapes |
| source | https://www.exploit-db.com/download/28615/ |
| title | DotNetNuke <= 4.0 HTML Injection Vulnerability |
References
- http://secunia.com/advisories/22051
- http://secunia.com/advisories/22051
- http://www.dotnetnuke.com/About/WhatIsDotNetNuke/SecurityPolicy/SecurityBulletinno3/tabid/990/Default.aspx
- http://www.dotnetnuke.com/About/WhatIsDotNetNuke/SecurityPolicy/SecurityBulletinno3/tabid/990/Default.aspx
- http://www.secureshapes.com/advisories/vuln20-09-2006.htm
- http://www.secureshapes.com/advisories/vuln20-09-2006.htm
- http://www.securityfocus.com/bid/20117
- http://www.securityfocus.com/bid/20117
- http://www.vupen.com/english/advisories/2006/3734
- http://www.vupen.com/english/advisories/2006/3734
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29048
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29048