Published: June 11, 2008
Maximum Severity Rating: Low
Whilst installing DotNetNuke if an error occurs, as the custom error handling system may not be in place a redirect is performed to an error handling page.
The error handling page optionally reads back a querystring parameter that may contain additional error information. This parameter was not being encoded before being echoed to the screen and could allow for script or html injection issues.
Affected DotNetNuke versions
4.6.2 - 4.8.3 inclusive.
Fix(s) for issue
To fix this problem, you are recommended to update to the latest version of DotNetNuke (4.8.4 at time of writing)
Jimmy Summers- -Southern Progress Corporation
Click here to read more details on the DotNetNuke Security Policy