DNN (DotNetNuke) < 3.0.12 Multiple XSS

Copyright (C) 2005-2015 Josh Zlatin-Amishav

Synopsis :

The remote host contains an ASP application that is affected by
multiple input validation flaws.

Description :

The remote host is running DNN, a portal written in ASP.

The remote installation of DNN, according to its version number,
contains several input validation flaws leading to the execution of
attacker supplied HTML and script code.

See also :


Solution :

Upgrade to DNN version 3.0.12 or later.

Risk factor :

Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 4.3
Public Exploit Available : true

Family: CGI abuses : XSS

Nessus Plugin ID: 18505 (dotnetnuke_xss.nasl)

Bugtraq ID: 13644

CVE ID: CVE-2005-0040