XSS in Dnnsoftware Dotnetnuke
CVE-2013-4649
Cross-site scripting (XSS) vulnerability in DotNetNuke (DNN) before 6.2.9 and 7.x before 7.1.1 allows remote attackers to inject arbitrary web script or HTML via the __dnnVariable parameter to the default URI.
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.003 (50.6th percentile) — read the EPSS interpretation.
Affected products
- Dnnsoftware Dotnetnuke — versions 1.0.6, 1.0.7, 1.0.8
- N/a — versions n/a
Weakness classification (CWE)
References
- 53493 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
- cve@mitre.org (Exploit, x_refsource_MISC)
- cve@mitre.org (x_refsource_CONFIRM, Patch, Vendor Advisory)
- dotnetnuke-cve20134649-dnnvariable-xss(86432) (vdb-entry, x_refsource_XF)