Summary
The host is installed with DotNetNuke and is prone to Cross Site Scripting Vulnerability.
Impact
Successful attack could lead to execution of arbitrary HTML and script code in the context of an affected site.
Impact Level: Application
Solution
Update to version 5.2.0 or later,
For updates refer to http://www.dotnetnuke.com/
Insight
The flaw is due to input passed to the search parameters are not properly sanitized before being returned to the user.
Affected
DotNetNuke versions 4.8 through 5.1.4 on all running platforms.
References
Severity
Classification
-
CVE CVE-2009-4110 -
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- Apache Continuum Cross Site Scripting Vulnerability
- APC PowerChute Network Shutdown 'security/applet' Cross Site Scripting Vulnerability
- Apache Web Server ETag Header Information Disclosure Weakness
- Apache Struts Showcase Multiple Persistence Cross-Site Scripting Vulnerabilities
- Apache mod_proxy_ajp Information Disclosure Vulnerability