FKIE_CVE-2007-0660

Vulnerability from fkie_nvd - Published: 2007-02-01 22:28 - Updated: 2025-04-09 00:30
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the IFrame module before 03.02.01 for DotNetNuke (DNN) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "Pass through values."
References
cve@mitre.orghttp://osvdb.org/36476
cve@mitre.orghttp://www.dotnetnuke.com/Default.aspx?tabid=825&EntryID=1278
cve@mitre.orghttp://www.securityfocus.com/bid/22334
cve@mitre.orghttp://www.vupen.com/english/advisories/2007/0433
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/32037
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/36476
af854a3a-2127-422b-91ae-364da2661108http://www.dotnetnuke.com/Default.aspx?tabid=825&EntryID=1278
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/22334
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2007/0433
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/32037
Impacted products
Vendor Product Version
dotnetnuke dotnetnuke_iframe *
dotnetnuke dotnetnuke_iframe 03.02.00
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:dotnetnuke:dotnetnuke_iframe:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC149D3D-5D04-4EB3-BDE0-3E93732F430C",
              "versionEndIncluding": "03.01.01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dotnetnuke:dotnetnuke_iframe:03.02.00:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D5E42EA-2772-4A03-B081-EC660E482BEC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in the IFrame module before 03.02.01 for DotNetNuke (DNN) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to \"Pass through values.\""
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el m\u00f3dulo IFrame versiones anteriores a 03.02.01 para DotNetNuke (DNN) permite a atacantes remotos inyectar scripts web o HTML de su elecci\u00f3n mediante vectores no especificados referidos a \"Paso a trav\u00e9s de valores\"."
    }
  ],
  "id": "CVE-2007-0660",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-02-01T22:28:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/36476"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.dotnetnuke.com/Default.aspx?tabid=825\u0026EntryID=1278"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/22334"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/0433"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32037"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/36476"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.dotnetnuke.com/Default.aspx?tabid=825\u0026EntryID=1278"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/22334"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/0433"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32037"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.