CVE-2013-3943

medium

Description

Cross-site scripting (XSS) vulnerability in DotNetNuke (DNN) before 6.2.9 and 7.x before 7.1.1 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to the Display Name field in the Manage Profile.

References

http://www.securityfocus.com/bid/61809

http://www.dnnsoftware.com/platform/manage/security-center

http://secunia.com/advisories/53493

Details

Source: Mitre, NVD

Published: 2014-03-12

Updated: 2014-03-13

Risk Information

CVSS v2

Base Score: 3.5

Vector: CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:N

Severity: Low

CVSS v3

Base Score: 5.4

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Severity: Medium

Detections

Analytics