XSS in Dnnsoftware Dotnetnuke
CVE-2010-4514
Cross-site scripting (XSS) vulnerability in Install/InstallWizard.aspx in DotNetNuke 5.05.01 and 5.06.00 allows remote attackers to inject arbitrary web script or HTML via the __VIEWSTATE parameter. NOTE: some of these details are obtaine…
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.028 (86.4th percentile) — read the EPSS interpretation.
Affected products
- Dnnsoftware Dotnetnuke — versions 5.05.01, 5.06.00
- N/a — versions n/a
Weakness classification (CWE)
References
- cve@mitre.org (Exploit, x_refsource_MISC)
- cve@mitre.org (Exploit, x_refsource_MISC)
- 1024828 (Exploit, vdb-entry, x_refsource_SECTRACK)
- 42478 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
- 45180 (Exploit, vdb-entry, x_refsource_BID)