Security Bulletin no. 18

HTML/Script Code Injection Vulnerability

Published: June 11, 2008

Version: 1.0

Maximum Severity Rating: Low

Background

If an error occurs while installing DotNetNuke, the custom error handling system may not yet be in place, so a redirect is performed to an error handling page.

Issue Summary

The error handling page optionally reads back a querystring parameter that may contain additional error information. This parameter was not being encoded before being echoed to the screen, which could allow script or HTML injection.
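
The pattern described above, shown as an added C# example that is not DotNetNuke source code: an error page that echoes a querystring value unencoded, the same page with HTML encoding applied, and a small regression check. The class and method names, the 500-character cap and the sample inputs are assumptions constructed for illustration.

```csharp
using System;
using System.Net;

// Added example, not DotNetNuke code. All names and inputs are hypothetical.
static class InstallErrorPage
{
    // Pattern the bulletin describes: the querystring value is concatenated
    // into the response without encoding, so markup in it is rendered.
    public static string RenderUnencoded(string errorDetail) =>
        "<p class=\"error\">" + errorDetail + "</p>";

    // Corrected pattern: bound the length (an assumed limit), then HTML-encode
    // so that < > & " ' reach the browser as text rather than as markup.
    public static string RenderEncoded(string errorDetail)
    {
        string detail = errorDetail ?? string.Empty;
        if (detail.Length > 500) detail = detail.Substring(0, 500);
        return "<p class=\"error\">" + WebUtility.HtmlEncode(detail) + "</p>";
    }

    // Regression check: true when an input containing markup-significant
    // characters appears verbatim in the rendered page.
    public static bool ReflectsRawMarkup(string rendered, string input) =>
        input.IndexOfAny(new[] { '<', '>', '"', '\'', '&' }) >= 0
        && rendered.Contains(input);

    static void Main()
    {
        // Constructed inputs: a plain message and one carrying markup.
        string[] samples =
        {
            "Could not connect to database",
            "<b>injected</b><script>/* attacker-controlled */</script>"
        };
        foreach (string s in samples)
        {
            string raw = RenderUnencoded(s);
            string safe = RenderEncoded(s);
            Console.WriteLine("input     : " + s);
            Console.WriteLine("unencoded : " + raw);
            Console.WriteLine("  reflects raw markup: " + ReflectsRawMarkup(raw, s));
            Console.WriteLine("encoded   : " + safe);
            Console.WriteLine("  reflects raw markup: " + ReflectsRawMarkup(safe, s));
            Console.WriteLine();
        }
    }
}
```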

Mitigating factors

N/A

Affected DotNetNuke versions

4.6.2 - 4.8.3 inclusive.


Non-Affected Versions:

N/A

Fix(es) for issue

To fix this problem, you are recommended to update to the latest version of DotNetNuke (4.8.4 at time of writing).

Acknowledgments

Jimmy Summers - Southern Progress Corporation
