DotNetNuke < 3.0.12 Multiple XSS

Copyright (C) 2005-2012 Josh Zlatin-Amishav


Synopsis :

The remote host contains an ASP application that is affected by
multiple input validation flaws.

Description :

The remote host is running DotNetNuke, a portal written in ASP.

The remote installation of DotNetNuke, according to its version
number, contains several input validation flaws leading to the
execution of attacker supplied HTML and script code.

See also :

http://archives.neohapsis.com/archives/bugtraq/2005-05/0198.html

Solution :

Upgrade to version 3.0.12 or later.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVSS Temporal Score : 4.3
(CVSS2#E:H/RL:U/RC:C)
Public Exploit Available : true

Family: CGI abuses : XSS

Nessus Plugin ID: 18505 (dotnetnuke_xss.nasl)

Bugtraq ID: 13644
13646
13647

CVE ID: CVE-2005-0040