CVE-2006-4973 Information

Description

Cross-site scripting (XSS) vulnerability in Default.aspx in Perpetual Motion Interactive Systems DotNetNuke before 3.3.5 and 4.x before 4.3.5 allows remote attackers to inject arbitrary HTML via the error parameter.

Reference

http://secunia.com/advisories/22051 http://www.dotnetnuke.com/About/WhatIsDotNetNuke/SecurityPolicy/SecurityBulletinno3/tabid/990/Default.aspx http://www.secureshapes.com/advisories/vuln20-09-2006.htm http://www.securityfocus.com/bid/20117 http://www.vupen.com/english/advisories/2006/3734 https://exchange.xforce.ibmcloud.com/vulnerabilities/29048