SCA: security update for dotnetnuke.core (GHSA-5whq-j5qg-wjvp)

medium Tenable Self-Hosted Container Security Plugin ID 422221

Description

There are packages installed that are affected by a vulnerability referenced in the following CVE:

- Stored Cross-Site Scripting in DotNetNuke (DNN) Version before 9.4.0 allows remote attackers to store and
embed the malicious script into the admin notification page. The exploit could be used to perfom any
action with admin privileges such as managing content, adding users, uploading backdoors to the server,
etc. Successful exploitation occurs when an admin user visits a notification page with stored cross-site
scripting. (CVE-2019-12562)

See Also

https://github.com/advisories/GHSA-5whq-j5qg-wjvp

Plugin Details

Severity: Medium

ID: 422221

Version: Revision 1.2

Type: Local

Family: SCA Checks

Published: 3/28/2025

Updated: 7/2/2026

Supported Sensors: Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Low

Score: 2.3

Percentile: 8.67

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.4

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS Score Source: CVE-2019-12562

CVSS v3

Risk Factor: Medium

Base Score: 6.1

Temporal Score: 5.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 11/18/2019

Vulnerability Publication Date: 9/26/2019

Reference Information

CVE: CVE-2019-12562

cwe: CWE-79