1 min read

XSS Vulnerability in DotNetNuke (DNN) before 8.0.1

XSS Vulnerability in DotNetNuke (DNN) before 8.0.1
Photo by Webstacks / Unsplash

Cross-site scripting (XSS) vulnerability in the user-profile biography section in DotNetNuke (DNN) before 8.0.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted onclick attribute in an IMG element.

DNN® ( formerly DotNetNuke® ) is the leading open source web content management platform (CMS) in the Microsoft ecosystem. The product is used to build professional looking and easy-to-use commercial websites, social intranets, community portals, or partner extranets. Containing dynamic content of all types, DNN sites are easy to deploy and update. The DNN Platform has been downloaded more than 8 million times and powers more than 750,000 websites globally. A community of more than 1 million members forms a powerful support network.

Source: https://github.com/dnnsoftware/Dnn.Platform
CVE -CVE-2016-7119
The mission of the CVE® Program is to identify, define, and catalog publicly disclosed cybersecurity vulnerabilities.