PT-2007-2114 · Dotnetnuke · Dotnetnuke Iframe Module

Published: 2007-02-01 · Updated: 2022-05-01 · CVE-2007-0660

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

DotNetNuke (DNN) IFrame module versions prior to 03.02.01

Description

The issue is related to a cross-site scripting (XSS) vulnerability caused by improper validation of user-supplied input. This allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "Pass through values." A remote attacker could exploit this vulnerability using various parameters in a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. This could be used to steal the victim's cookie-based authentication credentials.

Recommendations

For DotNetNuke (DNN) IFrame module versions prior to 03.02.01, update to version 03.02.01 or later to resolve the issue. As a temporary workaround, consider restricting the use of the IFrame module until a patch is applied. Avoid using the module with untrusted input to minimize the risk of exploitation.

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2007-0660
GHSA-XR96-7CCP-PG5C

Affected Products

Dotnetnuke Iframe Module