Improper input validation in Dnnsoftware Dotnetnuke

CVE-2013-7335

Open redirect vulnerability in DotNetNuke (DNN) before 6.2.9 and 7.x before 7.1.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.003 (51.1th percentile) — read the EPSS interpretation.

Affected products

Dnnsoftware Dotnetnuke — versions 1.0.6, 1.0.7, 1.0.8
N/a — versions n/a

Weakness classification (CWE)

CWE-20 — Improper Input Validation

References

53493 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
61809 (vdb-entry, x_refsource_BID)
cve@mitre.org (x_refsource_CONFIRM, Patch, Vendor Advisory)