DotNetNuke 'InstallWizard.aspx' Cross Site Scripting Vulnerability Network Vulnerability

Summary

This host is running DotNetNuke and is prone to cross site scripting vulnerability.

Impact

Successful exploitation could allow remote attackers to execute arbitrary HTML and script code in a user's browser session in the context of an affected site. Impact Level: Application

Solution

Upgrade to DotNetNuke version 5.06.02 or later. For updates refer to http://www.dotnetnuke.com

Insight

The flaw is caused by improper validation of user-supplied input to the '__VIEWSTATE' parameter in Install/InstallWizard.aspx, which allows attackers to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.

Affected

DotNetNuke versions 5.05.01 and 5.06.00

References

http://secunia.com/advisories/42478
http://www.securitytracker.com/id?1024828

Updated on 2017-03-28

Severity

Classification

CVE CVE-2010-4514

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

/cgi-bin directory browsable ?
Apache Tomcat RemoteFilterValve Security Bypass Vulnerability
A4Desk Event Calendar 'eventid' Parameter SQL Injection Vulnerability
APC PowerChute Network Shutdown HTTP Response Splitting Vulnerability
Allegro RomPager HTTP Referer Header Cross Site Scripting Vulnerability

Take action and discover your vulnerabilities