Summary
The host is installed with DotNetNuke and is prone to Cross Site Scripting Vulnerability.
Impact
Successful attack could lead to execution of arbitrary HTML and script code in the context of an affected site.
Impact Level: Application
Solution
Update to version 5.2.0 or later,
For updates refer to http://www.dotnetnuke.com/
Insight
The flaw is due to input passed to the search parameters are not properly sanitized before being returned to the user.
Affected
DotNetNuke versions 4.8 through 5.1.4 on all running platforms.
References
Severity
Classification
-
CVE CVE-2009-4110 -
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities