CVE-2006-4973

Sažetak

Cross-site scripting (XSS) vulnerability in Default.aspx in Perpetual Motion Interactive Systems DotNetNuke before 3.3.5, and 4.x before 4.3.5, allows remote attackers to inject arbitrary HTML via the error parameter.

Reference

http://secunia.com/advisories/22051
http://www.dotnetnuke.com/About/WhatIsDotNetNuke/SecurityPolicy/SecurityBulletinno3/tabid/990/Default.aspx
http://www.secureshapes.com/advisories/vuln20-09-2006.htm
http://www.securityfocus.com/bid/20117
http://www.vupen.com/english/advisories/2006/3734
https://exchange.xforce.ibmcloud.com/vulnerabilities/29048

CVSS

Base:	4.3
Impact:	2.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:M/Au:N/C:N/I:P/A:N

Zadnje važnije ažuriranje

20-07-2017 - 01:33

Objavljeno

25-09-2006 - 01:07