CVE-2009-1366
published 2009-04-22CVE-2009-1366: Cross-site scripting (XSS) vulnerability in Website\admin\Sales\paypalipn.aspx in DotNetNuke (DNN) before 4.9.3 allows remote attackers to inject arbitrary web…
PriorityP415medium4.3CVSS 2.0
AVNACMAuNCNIPAN
EPSS
1.03%
59.4th percentile
Cross-site scripting (XSS) vulnerability in Website\admin\Sales\paypalipn.aspx in DotNetNuke (DNN) before 4.9.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "name/value pairs" and "paypal IPN functionality."
Affected
30 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| dnnsoftware | dotnetnuke | <= 4.9.2 | — |
| dnnsoftware | dotnetnuke | — | — |
| dnnsoftware | dotnetnuke | — | — |
| dnnsoftware | dotnetnuke | — | — |
| dnnsoftware | dotnetnuke | — | — |
| dnnsoftware | dotnetnuke | — | — |
| dnnsoftware | dotnetnuke | — | — |
| dnnsoftware | dotnetnuke | — | — |
| dnnsoftware | dotnetnuke | — | — |
| dnnsoftware | dotnetnuke | — | — |
| dnnsoftware | dotnetnuke | — | — |
| dnnsoftware | dotnetnuke | — | — |
| dnnsoftware | dotnetnuke | — | — |
| dnnsoftware | dotnetnuke | — | — |
| dnnsoftware | dotnetnuke | — | — |
| dnnsoftware | dotnetnuke | — | — |
| dnnsoftware | dotnetnuke | — | — |
| dnnsoftware | dotnetnuke | — | — |
| dnnsoftware | dotnetnuke | — | — |
| dnnsoftware | dotnetnuke | — | — |
| dnnsoftware | dotnetnuke | — | — |
| dnnsoftware | dotnetnuke | — | — |
| dnnsoftware | dotnetnuke | — | — |
| dnnsoftware | dotnetnuke | — | — |
| dnnsoftware | dotnetnuke | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
DotNetNuke up to 4.9.2 paypalipn.aspx cross site scripting (BID-34484 / SA34686)
vuldb·2026-04-29·CVSS 4.3
CVE-2009-1366 [MEDIUM] DotNetNuke up to 4.9.2 paypalipn.aspx cross site scripting (BID-34484 / SA34686)
A vulnerability classified as problematic has been found in DotNetNuke. This issue affects some unknown processing of the file Website\admin\Sales\paypalipn.aspx. Performing a manipulation results in cross site scripting.
This vulnerability is known as CVE-2009-1366. Remote exploitation of the attack is possible. No exploit is available.
It is recommended to upgrade the affected component.
GHSA
GHSA-x4rx-g92q-cjw7: Cross-site scripting (XSS) vulnerability in Website\admin\Sales\paypalipn
ghsa_unreviewed·2022-05-02
CVE-2009-1366 [MEDIUM] CWE-79 GHSA-x4rx-g92q-cjw7: Cross-site scripting (XSS) vulnerability in Website\admin\Sales\paypalipn
Cross-site scripting (XSS) vulnerability in Website\admin\Sales\paypalipn.aspx in DotNetNuke (DNN) before 4.9.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "name/value pairs" and "paypal IPN functionality."
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://secunia.com/advisories/34686http://www.dotnetnuke.com/News/SecurityPolicy/Securitybulletinno25/tabid/1260/Default.aspxhttp://www.securityfocus.com/bid/34484http://secunia.com/advisories/34686http://www.dotnetnuke.com/News/SecurityPolicy/Securitybulletinno25/tabid/1260/Default.aspxhttp://www.securityfocus.com/bid/34484
2009-04-22
Published