DotNetNuke 'InstallWizard.aspx' Cross Site Scripting Vulnerability Network Vulnerability

Summary

This host is running DotNetNuke and is prone to cross site scripting vulnerability.

Impact

Successful exploitation could allow remote attackers to execute arbitrary HTML and script code in a user's browser session in the context of an affected site. Impact Level: Application

Solution

Upgrade to DotNetNuke version 5.06.02 or later. For updates refer to http://www.dotnetnuke.com

Insight

The flaw is caused by improper validation of user-supplied input to the '__VIEWSTATE' parameter in Install/InstallWizard.aspx, which allows attackers to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.

Affected

DotNetNuke versions 5.05.01 and 5.06.00

References

http://secunia.com/advisories/42478
http://www.securitytracker.com/id?1024828

Updated on 2017-03-28

Severity

Classification

CVE CVE-2010-4514
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

11in1 Cross Site Request Forgery and Local File Include Vulnerabilities
Adobe ColdFusion HTTP Response Splitting Vulnerability
Apache ActiveMQ Source Code Information Disclosure Vulnerability
Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
Apache Tomcat RemoteFilterValve Security Bypass Vulnerability

Take action and discover your vulnerabilities