Search criteria
3 vulnerabilities found for dotnetnuke_iframe by dotnetnuke
FKIE_CVE-2007-0660
Vulnerability from fkie_nvd - Published: 2007-02-01 22:28 - Updated: 2025-04-09 00:30
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the IFrame module before 03.02.01 for DotNetNuke (DNN) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "Pass through values."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dotnetnuke | dotnetnuke_iframe | * | |
| dotnetnuke | dotnetnuke_iframe | 03.02.00 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:dotnetnuke:dotnetnuke_iframe:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FC149D3D-5D04-4EB3-BDE0-3E93732F430C",
"versionEndIncluding": "03.01.01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dotnetnuke:dotnetnuke_iframe:03.02.00:*:*:*:*:*:*:*",
"matchCriteriaId": "3D5E42EA-2772-4A03-B081-EC660E482BEC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the IFrame module before 03.02.01 for DotNetNuke (DNN) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to \"Pass through values.\""
},
{
"lang": "es",
"value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el m\u00f3dulo IFrame versiones anteriores a 03.02.01 para DotNetNuke (DNN) permite a atacantes remotos inyectar scripts web o HTML de su elecci\u00f3n mediante vectores no especificados referidos a \"Paso a trav\u00e9s de valores\"."
}
],
"id": "CVE-2007-0660",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-02-01T22:28:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/36476"
},
{
"source": "cve@mitre.org",
"url": "http://www.dotnetnuke.com/Default.aspx?tabid=825\u0026EntryID=1278"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/22334"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/0433"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32037"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/36476"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.dotnetnuke.com/Default.aspx?tabid=825\u0026EntryID=1278"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/22334"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/0433"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32037"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2007-0660 (GCVE-0-2007-0660)
Vulnerability from cvelistv5 – Published: 2007-02-01 22:00 – Updated: 2024-08-07 12:26
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in the IFrame module before 03.02.01 for DotNetNuke (DNN) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "Pass through values."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:26:54.170Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "dotnetnuke-iframe-unspecified-xss(32037)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32037"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.dotnetnuke.com/Default.aspx?tabid=825\u0026EntryID=1278"
},
{
"name": "22334",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/22334"
},
{
"name": "36476",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/36476"
},
{
"name": "ADV-2007-0433",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/0433"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-01-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the IFrame module before 03.02.01 for DotNetNuke (DNN) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to \"Pass through values.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "dotnetnuke-iframe-unspecified-xss(32037)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32037"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.dotnetnuke.com/Default.aspx?tabid=825\u0026EntryID=1278"
},
{
"name": "22334",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/22334"
},
{
"name": "36476",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/36476"
},
{
"name": "ADV-2007-0433",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/0433"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-0660",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the IFrame module before 03.02.01 for DotNetNuke (DNN) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to \"Pass through values.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "dotnetnuke-iframe-unspecified-xss(32037)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32037"
},
{
"name": "http://www.dotnetnuke.com/Default.aspx?tabid=825\u0026EntryID=1278",
"refsource": "CONFIRM",
"url": "http://www.dotnetnuke.com/Default.aspx?tabid=825\u0026EntryID=1278"
},
{
"name": "22334",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22334"
},
{
"name": "36476",
"refsource": "OSVDB",
"url": "http://osvdb.org/36476"
},
{
"name": "ADV-2007-0433",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0433"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-0660",
"datePublished": "2007-02-01T22:00:00",
"dateReserved": "2007-02-01T00:00:00",
"dateUpdated": "2024-08-07T12:26:54.170Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-0660 (GCVE-0-2007-0660)
Vulnerability from nvd – Published: 2007-02-01 22:00 – Updated: 2024-08-07 12:26
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in the IFrame module before 03.02.01 for DotNetNuke (DNN) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "Pass through values."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:26:54.170Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "dotnetnuke-iframe-unspecified-xss(32037)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32037"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.dotnetnuke.com/Default.aspx?tabid=825\u0026EntryID=1278"
},
{
"name": "22334",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/22334"
},
{
"name": "36476",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/36476"
},
{
"name": "ADV-2007-0433",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/0433"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-01-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the IFrame module before 03.02.01 for DotNetNuke (DNN) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to \"Pass through values.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "dotnetnuke-iframe-unspecified-xss(32037)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32037"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.dotnetnuke.com/Default.aspx?tabid=825\u0026EntryID=1278"
},
{
"name": "22334",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/22334"
},
{
"name": "36476",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/36476"
},
{
"name": "ADV-2007-0433",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/0433"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-0660",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the IFrame module before 03.02.01 for DotNetNuke (DNN) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to \"Pass through values.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "dotnetnuke-iframe-unspecified-xss(32037)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32037"
},
{
"name": "http://www.dotnetnuke.com/Default.aspx?tabid=825\u0026EntryID=1278",
"refsource": "CONFIRM",
"url": "http://www.dotnetnuke.com/Default.aspx?tabid=825\u0026EntryID=1278"
},
{
"name": "22334",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22334"
},
{
"name": "36476",
"refsource": "OSVDB",
"url": "http://osvdb.org/36476"
},
{
"name": "ADV-2007-0433",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0433"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-0660",
"datePublished": "2007-02-01T22:00:00",
"dateReserved": "2007-02-01T00:00:00",
"dateUpdated": "2024-08-07T12:26:54.170Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}