DNN (DotNetNuke) < 8.0.1 Multiple Vulnerabilities

medium Nessus Plugin ID 90198

Synopsis

The remote web server contains an ASP.NET application that is affected by multiple vulnerabilities.

Description

The version of DNN Platform (formerly DotNetNuke) running on the remote host is affected by multiple vulnerabilities:

- A cross-site scripting (XSS) vulnerability exists due to improper validation of input to the 'returnurl' query string parameter before returning it to users. A remote attacker can exploit this, via a crafted request, to execute arbitrary script code in a user's browser session.

- A flaw exists due to the WebAPI not properly verifying the RequestVerificationToken when handling HTTP POST requests to perform sensitive actions. A remote attacker can exploit this, by convincing a user to follow a crafted link, to carry out a cross-site request forgery (XSRF) attack.

- A cross-site scripting (XSS) vulnerability exists due to improper sanitization of input to the biography field in the user profile before returning it to users. An authenticated, remote attacker can exploit this, via a crafted request, to execute arbitrary script code in a user's browser session.

- A cross-site scripting (XSS) vulnerability exists, when the SSL Client redirect is enabled, due to improper validation of the input to URL query string parameters before returning it to users. A remote attacker can exploit this, via a crafted request, to execute arbitrary script code in a user's browser session.

- A flaw exists due to improper validation of input to the 'returnurl' query string parameter. An attacker can exploit this, by convincing a user to follow a crafted link, to redirect the user to an arbitrary website of the attacker's choosing.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade to DNN Platform version 8.0.1 or later.

See Also

https://www.dnnsoftware.com/community/security/security-center

Plugin Details

Severity: Medium

ID: 90198

File Name: dotnetnuke_8_0_1.nasl

Version: 1.8

Type: remote

Family: CGI abuses

Published: 3/25/2016

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.6

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:dotnetnuke:dotnetnuke

Required KB Items: installed_sw/DNN

Patch Publication Date: 3/16/2016

Vulnerability Publication Date: 3/16/2016