===================================================================== CERT-Renater Note d'Information No. 2009/VULN346 _____________________________________________________________________ DATE : 07/09/2009 HARDWARE PLATFORM(S) : / OPERATING SYSTEM(S) : Systems running DotNetNuke versions prior to 4.9.5, 5.1.2. ====================================================================== http://www.dotnetnuke.com/News/SecurityPolicy/securitybulletinno28/tabid/1363/Default.aspx ______________________________________________________________________ HTML/Script Code Injection Vulnerability when working with multiple languages Published: September 2, 2009 Version: 1.0 Maximum Severity Rating: Low Background To support switching between languages via the Language skin object, the skin object renders the existing page path along with the relevant country flag and a language token. It also supports the ability to supply replaceable tokens. Issue Summary The language skin object failed to encode the newly generated paths which meant that a hacker could inject html/script to perform cross-site scripting attacks. Mitigating factors Only DotNetNuke sites that have multiple language pack installs and use the Language skin object suffer from this flaw. Affected DotNetNuke versions All others Non-Affected Versions: N/A Fix(s) for issue To fix this problem, you are recommended to update to the latest version of DotNetNuke (4.9.5/5.1.2 at time of writing) Acknowledgments Leo Lin (Wisedata.com.tw) Security Policy ====================================================================== ========================================================= Les serveurs de référence du CERT-Renater http://www.urec.fr/securite http://www.cru.fr/securite http://www.renater.fr ========================================================= + CERT-RENATER | tel : 01-53-94-20-44 + + 151 bd de l'Hopital | fax : 01-53-94-20-41 + + 75013 Paris | email: certsvp@renater.fr + =========================================================