This script is Copyright (C) 2013-2015 Tenable Network Security, Inc.
The remote web server contains an ASP.NET application that is affected
by multiple vulnerabilities.
The version of DNN installed on the remote host is affected by
multiple vulnerabilities :
- The application is affected by a persistent cross-site
scripting vulnerability because input to the
'Display Name' in the 'Manage Profile' view is not
properly sanitized. (CVE-2013-3943)
- The application is affected by a cross-site scripting
vulnerability because user-supplied input to the
'__dnnVariable' parameter is not properly sanitized.
- An unspecified open redirect flaw exists that can
allow an attacker to perform a phishing attack by
enticing a user to click on a malicious URL.
Note that Nessus has not tested for these issues but has instead
relied only on the application's self-reported version number.
See also :
Upgrade to DNN version 6.2.9 / 7.1.1 or later.
Risk factor :
Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.7
Public Exploit Available : true