Published: September 17, 2006
Version: 1.0
Maximum Severity Rating: Low
Background
To ensure pages work as desired, the page name and any associated parameters are copied to the form action tag on every page request.
Issue Summary
Most of the time, parameters are used to determine which code to execute, but in a few cases, notably the error parameter, the content of the querystring is echoed directly to the screen. Until recently, the querystring parameters were screened only for JavaScript to prevent potential cross-site scripting attacks, but it was still possible to inject arbitrary HTML into the page, e.g. a page redirect to an IFRAME. This vulnerability has now been closed in 3.3.5/4.3.5.
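The gap described above, as an added illustration (not DotNetNuke's code, and written in Python rather than the product's .NET): a filter that strips only script-like fragments is compared with HTML-encoding the echoed value at output. The filter regex, function names and sample query strings are constructed for this example.

```python
import html
import re
from urllib.parse import parse_qs

# Hypothetical stand-in for a "screen for JavaScript only" filter.
_SCRIPT_PATTERNS = re.compile(
    r"<\s*/?\s*script[^>]*>|javascript:|on\w+\s*=", re.IGNORECASE
)

def script_only_filter(value: str) -> str:
    """Blocklist approach: strip script-looking fragments, leave other markup."""
    return _SCRIPT_PATTERNS.sub("", value)

def encode_for_html(value: str) -> str:
    """Output encoding: every markup metacharacter becomes inert text."""
    return html.escape(value, quote=True)

def render_error(query_string: str, sanitize) -> str:
    """Echo the 'error' parameter into the page body, as the advisory describes."""
    message = parse_qs(query_string).get("error", [""])[0]
    return '<div class="error">' + sanitize(message) + "</div>"

def contains_injected_element(page: str) -> bool:
    """True if any element other than the wrapper div reached the markup."""
    tags = re.findall(r"<\s*([a-zA-Z]+)", page)
    return any(tag.lower() != "div" for tag in tags)

# Constructed sample requests (URL-encoded querystrings).
SAMPLES = {
    "plain": "error=Page+not+found",
    "script": "error=%3Cscript%3Ealert(1)%3C%2Fscript%3E",
    "iframe": "error=%3Ciframe+src%3D%22https%3A%2F%2Fexample.invalid%2F%22%3E%3C%2Fiframe%3E",
}

def compare() -> dict:
    """Per sample: (markup injected with blocklist, markup injected with encoding)."""
    return {
        name: (
            contains_injected_element(render_error(qs, script_only_filter)),
            contains_injected_element(render_error(qs, encode_for_html)),
        )
        for name, qs in SAMPLES.items()
    }

if __name__ == "__main__":
    for name, (blocklist_hit, encoded_hit) in compare().items():
        print(f"{name:7} blocklist_injected={blocklist_hit} encoded_injected={encoded_hit}")
```

The script-only filter lets the IFRAME element through unchanged, while the encoded output contains no element other than the wrapper.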
Mitigating factors
N/A
Affected DotNetNuke versions
Non-Affected Versions:
Fix(s) for issue
To fix this problem, you are advised to update to the latest version of DotNetNuke (3.3.5/4.3.5 at time of writing).
Acknowledgments
DotNetNuke thanks the following for working with us to help protect users:
Security Policy
Click here to read more details on the DotNetNuke Security Policy