BID:22334

DotNetNuke IFrame Module Unspecified Cross-Site Scripting Vulnerability

Info

DotNetNuke IFrame Module Unspecified Cross-Site Scripting Vulnerability

Bugtraq ID:	22334
Class:	Input Validation Error
CVE:	CVE-2007-0660
Remote:	Yes
Local:	No
Published:	Jan 31 2007 12:00AM
Updated:	May 12 2015 07:34PM
Credit:	The vendor disclosed this issue.
Vulnerable:	DotNetNuke IFrame module 3.2

Not Vulnerable:	DotNetNuke IFrame module 3.2.1

Discussion

DotNetNuke IFrame Module Unspecified Cross-Site Scripting Vulnerability

IFrame is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

Versions prior to 03.02.01 are vulnerable.

Exploit / POC

Solution / Fix

DotNetNuke IFrame Module Unspecified Cross-Site Scripting Vulnerability

Solution:
The vendor has released fixes to address this issue. Please see the references for more information.

DotNetNuke IFrame module 3.2

DotNetNuke IFrame_03.02.01_Install.zip
http://www.dotnetnuke.com/LinkClick.aspx?link=http%3a%2f%2fprdownloads .sourceforge.net%2fdnn%2fIFrame_03.02.01_Install.zip%3fdownload&tabid= 863&mid=3430

References

DotNetNuke IFrame Module Unspecified Cross-Site Scripting Vulnerability

References:

IFrame Module Home Page (DotNetNuke)
IFrame 03.02.01 released. (Stefan Cullman)