Published: May 19, 2009

Version: 1.1 (edited 18 May 2010 to reflect addition versions affected - 5.0.0 and 5.0.1)

Maximum Severity Rating: Low

Background

Whilst installing DotNetNuke if an error occurs, as the custom error handling system may not be in place a redirect is performed to an error handling page.

Issue Summary

The error handling page optionally reads back a querystring parameter that may contain additional error information. Whilst this parameter is typically encoded, an invalid tag could be used to bypass the filter, potentially to unencoded content being echoed to the screen and could allow for script or html injection issues.

Mitigating factors

N/A

Affected DotNetNuke versions

4.0 - 4.9.3 inclusive.
5.0.0 - 5.0.1 inclusive.

Non-Affected Versions:

N/A

Fix(s) for issue

To fix this problem, you are recommended to update to the latest version of DotNetNuke (5.4.1 at time of writing)

Acknowledgments

Ben Hawkes - Lateral Security (www.lateralsecurity.com)

Security Policy

Click here to read more details on the DotNetNuke Security Policy