Vulnerability Description
Cross-site scripting (XSS) vulnerability in Default.aspx in Perpetual Motion Interactive Systems DotNetNuke before 3.3.5, and 4.x before 4.3.5, allows remote attackers to inject arbitrary HTML via the error parameter.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dnnsoftware | Dotnetnuke | 1.0.6 |
References
- http://secunia.com/advisories/22051
- http://www.dotnetnuke.com/About/WhatIsDotNetNuke/SecurityPolicy/SecurityBulletinPatchVendor Advisory
- http://www.secureshapes.com/advisories/vuln20-09-2006.htmExploitPatchVendor Advisory
- http://www.securityfocus.com/bid/20117Exploit
- http://www.vupen.com/english/advisories/2006/3734
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29048
- http://secunia.com/advisories/22051
- http://www.dotnetnuke.com/About/WhatIsDotNetNuke/SecurityPolicy/SecurityBulletinPatchVendor Advisory
- http://www.secureshapes.com/advisories/vuln20-09-2006.htmExploitPatchVendor Advisory
- http://www.securityfocus.com/bid/20117Exploit
- http://www.vupen.com/english/advisories/2006/3734
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29048
FAQ
What is CVE-2006-4973?
CVE-2006-4973 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Cross-site scripting (XSS) vulnerability in Default.aspx in Perpetual Motion Interactive Systems DotNetNuke before 3.3.5, and 4.x before 4.3.5, allows remote attackers to inject arbitrary HTML via the...
How severe is CVE-2006-4973?
CVE-2006-4973 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-4973?
Check the references section above for vendor advisories and patch information. Affected products include: Dnnsoftware Dotnetnuke.