Published: Jan 19, 2011
Maximum Severity Rating: Low
DotNetNuke contains a number of functions that are used to sanitize user input..
The blacklist function that is used to strip dangerous content that could lead to a cross-site scripting attack (XSS) did not contain a match for a particular string. If this string contained an invalid HTML tag, a XSS attack could occur.
Affected DotNetNuke versions
Fix(s) for issue
To fix this problem, you are recommended to update to the latest version of DotNetNuke (5.6.1 at time of writing)
Click here to read more details on the DotNetnuke Security Policy