This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.
The remote web server contains an ASP.NET application that is affected
by multiple vulnerabilities.
The version of DotNetNuke installed on the remote host is affected by
multiple vulnerabilities :
- The application is affected by a persistent cross-site
scripting vulnerability because input to the
'Display Name' in the 'Manage Profile' view is not
properly sanitized. (CVE-2013-3943)
- The application if affected by a cross-site scripting
vulnerability because user-supplied input to the
'__dnnVariable' parameter is not properly sanitized.
- An unspecified open redirect flaw exists that could
allow an attacker to perform a phishing attack by
enticing a user to click on a malicious URL.
Note that this version check requires credentials for a user with
Note also that Nessus has not tested for these issues, but instead, has
relied only on the application's self-reported version number.
See also :
Upgrade to version 6.2.9 / 7.1.1 or later.
Risk factor :
Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.7
Public Exploit Available : true