Moderate severityNVD Advisory· Published Feb 1, 2007· Updated Apr 23, 2026

CVE-2007-0660

Description

Cross-site scripting (XSS) vulnerability in the IFrame module before 03.02.01 for DotNetNuke (DNN) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "Pass through values."

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
DotNetNuke.CoreNuGet	< 03.02.01	03.02.01

Affected products

Dnnsoftware/Dotnetnuke Iframe2 versions
cpe:2.3:a:dotnetnuke:dotnetnuke_iframe:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:dotnetnuke:dotnetnuke_iframe:*:*:*:*:*:*:*:*range: <=03.01.01
- cpe:2.3:a:dotnetnuke:dotnetnuke_iframe:03.02.00:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/advisories/GHSA-xr96-7ccp-pg5cghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2007-0660ghsaADVISORY
exchange.xforce.ibmcloud.com/vulnerabilities/32037nvdWEB
web.archive.org/web/20071128032502/http://www.dotnetnuke.com/Default.aspxghsaWEB
web.archive.org/web/20081007210427/http://www.securityfocus.com/bid/22334ghsaWEB
osvdb.org/36476nvd
www.dotnetnuke.com/Default.aspxnvd
www.securityfocus.com/bid/22334nvd
www.vupen.com/english/advisories/2007/0433nvd

News mentions

No linked articles in our index yet.

cvss	0.260
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000