DNN (DotNetNuke) < 3.0.12 Multiple XSS

Copyright (C) 2005-2016 Josh Zlatin-Amishav


Synopsis :

The remote host contains an ASP application that is affected by
multiple input validation flaws.

Description :

The remote host is running DNN, a portal written in ASP.

The remote installation of DNN, according to its version number,
contains several input validation flaws leading to the execution of
attacker supplied HTML and script code.

See also :

http://seclists.org/bugtraq/2005/May/197

Solution :

Upgrade to DNN version 3.0.12 or later.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVSS Temporal Score : 4.3
(CVSS2#E:H/RL:U/RC:C)
Public Exploit Available : true

Family: CGI abuses : XSS

Nessus Plugin ID: 18505 (dotnetnuke_xss.nasl)

Bugtraq ID: 13644
13646
13647

CVE ID: CVE-2005-0040

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now