CVE-2009-1366

Name of the Vulnerable Software and Affected Versions DotNetNuke (DNN) versions prior to 4.9.3

Description A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML. This is related to "name/value pairs" and "paypal IPN functionality" in the paypalipn.aspx file.

Recommendations For versions prior to 4.9.3, update to version 4.9.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the paypalipn.aspx file in the WebsiteadminSales directory until the update is applied.