CVE-2007-0660: XSS
First published: Thu Feb 01 2007(Updated: )
Cross-site scripting (XSS) vulnerability in the IFrame module before 03.02.01 for DotNetNuke (DNN) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "Pass through values."
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| nuget/DotNetNuke.Core | <03.02.01 | 03.02.01 |
| DNN (DotNetNuke) | <=03.01.01 | |
| DNN (DotNetNuke) | =03.02.00 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.dotnetnuke.com/Default.aspx?tabid=825&EntryID=1278
- http://www.securityfocus.com/bid/22334
- http://osvdb.org/36476
- http://www.vupen.com/english/advisories/2007/0433
- https://exchange.xforce.ibmcloud.com/vulnerabilities/32037
- https://nvd.nist.gov/vuln/detail/CVE-2007-0660
- https://web.archive.org/web/20071128032502/http://www.dotnetnuke.com/Default.aspx?tabid=825&EntryID=1278
- https://web.archive.org/web/20081007210427/http://www.securityfocus.com/bid/22334
- https://github.com/advisories/GHSA-xr96-7ccp-pg5c (Advisory)
Frequently Asked Questions
What is the severity of CVE-2007-0660?
CVE-2007-0660 is classified as a medium-severity vulnerability due to its potential for cross-site scripting attacks.
How do I fix CVE-2007-0660?
To fix CVE-2007-0660, upgrade the IFrame module to version 03.02.01 or later.
What software is affected by CVE-2007-0660?
CVE-2007-0660 affects DotNetNuke IFrame module versions prior to 03.02.01.
What kind of attack can CVE-2007-0660 enable?
CVE-2007-0660 can enable remote attackers to perform cross-site scripting attacks by injecting arbitrary web scripts.
Where can I find more information about CVE-2007-0660?
For more information about CVE-2007-0660, consult security advisories and vulnerability databases that track this issue.
- collector/github-advisory-latest
- alias/GHSA-xr96-7ccp-pg5c
- alias/CVE-2007-0660
- collector/github-advisory
- agent/author
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/references
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/event
- agent/trending
- agent/source
- agent/tags
- collector/nvd-cve
- agent/software-canonical-lookup-request
- collector/nvd-index
- collector/nvd-historical
- package-manager/nuget
- vendor/dotnetnuke
- canonical/dnn (dotnetnuke)
- version/dnn (dotnetnuke)/03.01.01
- version/dnn (dotnetnuke)/03.02.00