DotNetNuke Cross Site Scripting and Security Bypass Vulnerabilities
The original article can be found at: http://www.securityfocus.com/bid/54444
The information has been provided by Lei, Chris Hammond, Sunil Yadav via Secunia, Simon Meraner .
* DotNetNuke DotNetNuke 6.0.2 s and prior
Successfully exploiting these issues may allow an attacker to bypass certain security restrictions, to execute arbitrary script code in the browser of an unsuspecting user, to steal cookie-based authentication credentials, and to perform certain administrative actions in the vulnerable application.
Currently we are not aware of any vendor-supplied patches
Initial Release: Jul 13 2012