Detections
Analytics
Dotnetnuke 5.0.x < 9.6.1 (09.06.01)
medium Nessus Plugin ID 137365
Language:
Synopsis
An ASP.NET application running on the remote web server is affected by a vulnerability.Description
According to its self-reported version, the instance of Dotnetnuke running on the remote web server is 5.0.x prior to 9.6.1. It is, therefore, affected by a vulnerability.- The maintainers of jQuery published version 3.5.0 with a security fix included regarding HTML manipulation.
Fix(es) for this Issue DNN Platform 9.6.0 was released with 3.5.0 included, and 9.6.1 was released with jQuery 3.5.1 after they released an urgent update. It is recommended to upgrade to the newest DNN Version to take advantage of these fixes. It is not possible to update jQuery alone without an DNN version upgrade. Affected Versions DNN Platform version 5.0.0 through 9.6.0 (2020-07)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Upgrade to Dotnetnuke version 9.6.1 or later.See Also
https://www.dnnsoftware.com/community/security/security-center
Plugin Details
Severity: Medium
ID: 137365
File Name: dotnetnuke_9_6_1.nasl
Version: 1.2
Type: remote
Family: CGI abuses
Published: 6/12/2020
Updated: 4/7/2022
Configuration: Enable thorough checks
Supported Sensors: Nessus
Risk Information
CVSS Score Rationale: No cve available for this vulnerability.
CVSS v2
Risk Factor: Medium
Base Score: 4.3
Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSS Score Source: manual
CVSS v3
Risk Factor: Medium
Base Score: 6.1
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Vulnerability Information
CPE: cpe:/a:dotnetnuke:dotnetnuke
Required KB Items: installed_sw/DNN
Patch Publication Date: 5/14/2020
Vulnerability Publication Date: 5/14/2020