
DotNetNuke 6.x < 6.2.9, 7.x < 7.1.1 Redirection Weakness and XSS Vulnerabilities (CVE-2013-3943, CVE-2013-4649, CVE-2013-7335)

Severity
Not available
CVSSv3 Score
Not available
Vulnerability description

DotNetNuke is prone to a redirection weakness and cross-site scripting (XSS) vulnerabilities.

Risk description

Multiple flaws are due to:

- Input related to the Display Name field in Manage Profile is not properly sanitised before being used.
- Input passed via the __dnnVariable GET parameter to Default.aspx is not properly sanitised before being returned to the user.
- Certain unspecified input is not properly verified before being used to redirect users.

Successful exploitation allows an attacker to conduct insertion, spoofing and cross-site scripting attacks.

Recommendation

Update to version 6.2.9, 7.1.1 or later.

Codename
Not available
Detectable with
Network Scanner
Scan engine
OpenVAS
Exploitable with Sniper
No
CVE Published
Mar 12, 2014
Detection added at
Software Type
Not available
Vendor
Not available
Product
Not available