Published: Apr 3, 2013
Version: 1.0
Maximum Severity Rating: low
Background
DotNetNuke supports the ability to to use multiple languages.
Issue Summary
When running with multiple languages a flag selector is available. This echoes the page address with the different culture's available, but fails to remove any potential html/javascript injection.
Mitigating factors
- sites must have more than 1 language enabled
- sites must be using core language skin object
Affected DotNetNuke versions
Non-Affected Versions:
Fix(s) for issue
To fix this problem, you are recommended to update to the latest version of DotNetNuke (6.2.7/7.0.5 at time of writing)
Acknowledgments
N/A
Security Policy
Click here to read more details on the DotNetnuke Security Policy