HomePentest-Tools.com Logo

DotNetNuke 6.x < 6.2.9, 7.x < 7.1.1 Redirection Weakness and XSS Vulnerabilities CVE-2013-3943CVE-2013-4649CVE-2013-7335

Not available
CVSSv3 Score
Not available
Vulnerability description

DotNetNuke is prone to redirection weakness and cross-site scripting (XSS) vulnerabilities.

Risk description

Multiple flaws are due to: - Input related to the Display Name field in Manage Profile is not properly sanitised before being used. - Input passed via the __dnnVariable GET parameter to Default.aspx is not properly sanitised before being returned to the user. - Certain unspecified input is not properly verified before being used to redirect users. Successful exploitation will allow attacker to insertion attacks and conduct spoofing and cross-site scripting attacks.


Update to version 6.2.9, 7.1.1 or later.

Not available
Detectable with
Network Scanner
Scan engine
Exploitable with Sniper
CVE Published
Mar 12, 2014
Detection added at
Software Type
Not available
Not available
Not available