Summary
This host is running DotNetNuke and is prone to cross site scripting vulnerability.
Impact
Successful exploitation could allow remote attackers to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
Impact Level: Application
Solution
Upgrade to DotNetNuke version 5.06.02 or later.
For updates refer to http://www.dotnetnuke.com
Insight
The flaw is caused by improper validation of user-supplied input to the '__VIEWSTATE' parameter in Install/InstallWizard.aspx, which allows attackers to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
Affected
DotNetNuke versions 5.05.01 and 5.06.00
References
Updated on 2017-03-28
Severity
Classification
-
CVE CVE-2010-4514 -
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- An Image Gallery Multiple Cross-Site Scripting Vulnerability
- Apache Tomcat Information Disclosure Vulnerability
- Abtp Portal Project 'ABTPV_BLOQUE_CENT' Parameter Local and Remote File Include Vulnerabilities
- Apache Tomcat RemoteFilterValve Security Bypass Vulnerability
- A Really Simple Chat Multiple XSS Vulnerabilities