4.3
CVE-2006-4973
- EPSS 1.9%
- Veröffentlicht 25.09.2006 01:07:00
- Zuletzt bearbeitet 16.06.2026 22:30:13
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginCross-site scripting (XSS) vulnerability in Default.aspx in Perpetual Motion Interactive Systems DotNetNuke before 3.3.5, and 4.x before 4.3.5, allows remote attackers to inject arbitrary HTML via the error parameter.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Dnnsoftware ≫ Dotnetnuke Version1.0.6
Dnnsoftware ≫ Dotnetnuke Version1.0.7
Dnnsoftware ≫ Dotnetnuke Version1.0.8
Dnnsoftware ≫ Dotnetnuke Version1.0.9
Dnnsoftware ≫ Dotnetnuke Version1.0.10d
Dnnsoftware ≫ Dotnetnuke Version1.0.10e
Dnnsoftware ≫ Dotnetnuke Version2.1.1
Dnnsoftware ≫ Dotnetnuke Version2.1.2
Dnnsoftware ≫ Dotnetnuke Version3.0.7
Dnnsoftware ≫ Dotnetnuke Version3.0.8
Dnnsoftware ≫ Dotnetnuke Version3.1.0
Dnnsoftware ≫ Dotnetnuke Version4.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.9% | 0.77 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:P/A:N
|
http://secunia.com/advisories/22051
http://www.dotnetnuke.com/About/WhatIsDotNetNuke/SecurityPolicy/SecurityBulletinno3/tabid/990/Default.aspx
http://www.secureshapes.com/advisories/vuln20-09-2006.htm
http://www.securityfocus.com/bid/20117
http://www.vupen.com/english/advisories/2006/3734
https://exchange.xforce.ibmcloud.com/vulnerabilities/29048