XSS in Dnnsoftware Dotnetnuke
CVE-2012-1036
Cross-site scripting (XSS) vulnerability in the telerik HTML editor in DotNetNuke before 5.6.4 and 6.x before 6.1.0 allows remote attackers to inject arbitrary web script or HTML via a message.
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.003 (49.9th percentile) — read the EPSS interpretation.
Affected products
- Dnnsoftware Dotnetnuke — versions 4.9.1, 4.9.2, 5.1.1
- Dotnetnuke — versions 4.9.0, 4.9.3, 4.9.4
- N/a — versions n/a
Weakness classification (CWE)
References
- cve@mitre.org (x_refsource_MISC)
- cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)