CVE-2008-6644

DotNetNuke < 4.8.3 - Cross-Site Scripting via PATH_INFO

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-6644. PoCs published by AmnPardaz Security Research Team.

AI-analyzed exploit summary This exploit demonstrates a cross-site scripting (XSS) vulnerability in DotNetNuke 4.8.3 by injecting malicious JavaScript into the URL path. The payload executes arbitrary script code when a user interacts with the crafted link, potentially leading to credential theft or other client-side attacks.

Description

Cross-site scripting (XSS) vulnerability in Default.aspx in DotNetNuke 4.8.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.

Exploits (1)

exploitdb WORKING POC VERIFIED

by AmnPardaz Security Research Team · textwebappsasp

https://www.exploit-db.com/exploits/31865

View Code ZIP pw:eip

This exploit demonstrates a cross-site scripting (XSS) vulnerability in DotNetNuke 4.8.3 by injecting malicious JavaScript into the URL path. The payload executes arbitrary script code when a user interacts with the crafted link, potentially leading to credential theft or other client-side attacks.

Classification

Working Poc 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: DotNetNuke 4.8.3

No auth needed

Prerequisites: User interaction (e.g., hovering over a crafted link)

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5

Core References

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/30617

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/42752

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/492793/100/0/threaded

Various Sources x_refsource_confirm

http://www.dotnetnuke.com/News/SecurityPolicy/SecurityBulletinno19/tabid/1166/Default.aspx

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/29437

Scores

EPSS 0.0151

EPSS Percentile 71.1%

Details

CWE

CWE-79

Status published

Products (19)

dotnetnuke/dotnetnuke 1.0.6

dotnetnuke/dotnetnuke 1.0.7

dotnetnuke/dotnetnuke 1.0.8

dotnetnuke/dotnetnuke 1.0.9

dotnetnuke/dotnetnuke 1.0.10d

dotnetnuke/dotnetnuke 1.0.10e

dotnetnuke/dotnetnuke 2.1.1

dotnetnuke/dotnetnuke 2.1.2

dotnetnuke/dotnetnuke 3.0.7

dotnetnuke/dotnetnuke 3.0.8

... and 9 more

Published Apr 07, 2009

Tracked Since Feb 18, 2026