DNN (DotNetNuke) < 3.0.12 Multiple XSS

Copyright (C) 2005-2015 Josh Zlatin-Amishav


Synopsis :

The remote host contains an ASP application that is affected by
multiple input validation flaws.

Description :

The remote host is running DNN, a portal written in ASP.

The remote installation of DNN, according to its version number,
contains several input validation flaws leading to the execution of
attacker supplied HTML and script code.

See also :

http://archives.neohapsis.com/archives/bugtraq/2005-05/0198.html

Solution :

Upgrade to DNN version 3.0.12 or later.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVSS Temporal Score : 4.3
(CVSS2#E:H/RL:U/RC:C)
Public Exploit Available : true

Family: CGI abuses : XSS

Nessus Plugin ID: 18505 (dotnetnuke_xss.nasl)

Bugtraq ID: 13644
13646
13647

CVE ID: CVE-2005-0040

Ready to Scan Unlimited IPs & Run Compliance Checks?

Upgrade to Nessus Professional today!

Buy Now

Combine the Power of Nessus with the Ease of Cloud

Start your free Nessus Cloud trial now!

Begin Free Trial