Published: Jan 19, 2011
Maximum Severity Rating: Low
DotNetNuke has custom error handling which both logs and displays the results of unexpected exceptions.
Whilst correctly encoding the error messages to protect against cross-site scripting attacks, the error page was assuming values returned by the asp.net framework were safe. A potential hacker could generate a custom URL which contained an invalid viewstate value, composed of an XSS attack. If a user could then be fooled into clicking on that link, a reflective XSS issue would occur
Users would have to be fooled into clicking on a link that contained the invalid viewstate. In addition DotNetNuke contains a number of pieces of protection against cross-site scripting issues including the use of the HTTPOnly attribute which stops XSS code accessing users cookies.
Affected DotNetNuke versions
Fix(s) for issue
To fix this problem, you are recommended to update to the latest version of DotNetNuke (5.6.1 at time of writing)
Richard Brain of ProCheckUp Ltd (www.procheckup.com
Click here to read more details on the DotNetnuke Security Policy