Unrated severityNVD Advisory· Published Apr 21, 2009· Updated Apr 24, 2026

CVE-2008-6733

Description

Cross-site scripting (XSS) vulnerability in the error handling page in DotNetNuke 4.6.2 through 4.8.3 allows remote attackers to inject arbitrary web script or HTML via the querystring parameter.

Affected products

Dnnsoftware/Dotnetnuke4 versions
cpe:2.3:a:dnnsoftware:dotnetnuke:4.6.2:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:a:dnnsoftware:dotnetnuke:4.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:dnnsoftware:dotnetnuke:4.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:dnnsoftware:dotnetnuke:4.8.2:*:*:*:*:*:*:*
- cpe:2.3:a:dnnsoftware:dotnetnuke:4.8.3:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/30617nvdVendor Advisory
www.dotnetnuke.com/News/SecurityPolicy/SecurityBulletinno18/tabid/1165/Default.aspxnvdVendor Advisory
www.osvdb.org/46323nvd
www.securityfocus.com/bid/29686nvd
exchange.xforce.ibmcloud.com/vulnerabilities/43026nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000