Published: May 19, 2009
Version: 1.1 (edited 18 May 2010 to reflect addition versions affected - 5.0.0 and 5.0.1)
Maximum Severity Rating: Low
Whilst installing DotNetNuke if an error occurs, as the custom error handling system may not be in place a redirect is performed to an error handling page.
The error handling page optionally reads back a querystring parameter that may contain additional error information. Whilst this parameter is typically encoded, an invalid tag could be used to bypass the filter, potentially to unencoded content being echoed to the screen and could allow for script or html injection issues.
Affected DotNetNuke versions
4.0 - 4.9.3 inclusive.
5.0.0 - 5.0.1 inclusive.
Fix(s) for issue
To fix this problem, you are recommended to update to the latest version of DotNetNuke (5.4.1 at time of writing)
Ben Hawkes - Lateral Security (www.lateralsecurity.com)
Click here to read more details on the DotNetNuke Security Policy