This script is Copyright (C) 2013-2015 Tenable Network Security, Inc.
The remote web server contains an ASP.NET application that is affected
by multiple vulnerabilities.
The version of DotNetNuke installed on the remote host is affected by
multiple vulnerabilities :
- The application is affected by a persistent cross-site
scripting vulnerability because input to the
'Display Name' in the 'Manage Profile' view is not
properly sanitized. (CVE-2013-3943)
- The application if affected by a cross-site scripting
vulnerability because user-supplied input to the
'__dnnVariable' parameter is not properly sanitized.
- An unspecified open redirect flaw exists that could
allow an attacker to perform a phishing attack by
enticing a user to click on a malicious URL.
Note that this version check requires credentials for a user with
Note also that Nessus has not tested for these issues, but instead, has
relied only on the application's self-reported version number.
See also :
Upgrade to version 6.2.9 / 7.1.1 or later.
Risk factor :
Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.7
Public Exploit Available : true
Family: CGI abuses
Nessus Plugin ID: 70294 ()
Bugtraq ID: 6177061809
CVE ID: CVE-2013-3943CVE-2013-4649CVE-2013-7335
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.