DotNetNuke Redirection Weakness and Cross Site Scripting Vulnerabilities

Summary
This host is running DotNetNuke and is prone to a redirection weakness and cross-site scripting vulnerabilities.
Impact
Successful exploitation will allow an attacker to conduct insertion, spoofing and cross-site scripting attacks.
Solution
Upgrade to version 6.2.9 or 7.1.1 or later. For updates refer to http://dnnsoftware.com
Insight
Multiple flaws exist because:
- Input related to the 'Display Name' field in 'Manage Profile' is not properly sanitised before being used.
- Input passed via the '__dnnVariable' GET parameter to Default.aspx is not properly sanitised before being returned to the user.
- Certain unspecified input is not properly verified before being used to redirect users.
Affected
DotNetNuke versions 6.x before 6.2.9 and 7.x before 7.1.1
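The affected range above can be checked against an inventory of installed versions. The following is an added example, not part of the original advisory or of DotNetNuke itself; the function names and the sample inventory are constructed for illustration, and treating releases newer than 7.x as fixed is an assumption drawn from the "or later" wording in the Solution.

```python
import re

# Fixed releases named in the advisory, keyed by major version.
FIXED = {6: (6, 2, 9), 7: (7, 1, 1)}

def parse_version(text):
    """Return (major, minor, patch) from a version string.

    Tolerates zero-padded fields ('07.01.00'), missing fields ('7.1')
    and extra trailing fields ('7.1.0.367'), which are ignored.
    """
    m = re.fullmatch(r"\s*v?(\d+)(?:\.(\d+))?(?:\.(\d+))?(?:\.\d+)*\s*", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p or 0) for p in m.groups())

def classify(text):
    """Classify a version as 'affected', 'fixed' or 'not-covered'."""
    version = parse_version(text)
    major = version[0]
    if major > max(FIXED):
        return "fixed"        # assumption: newer majors include the fixes
    fixed = FIXED.get(major)
    if fixed is None:
        return "not-covered"  # the advisory makes no statement below 6.x
    return "affected" if version < fixed else "fixed"

# Constructed inventory for illustration: site name -> reported version.
SAMPLE_INVENTORY = {
    "intranet": "6.2.8",
    "portal": "07.01.00",
    "shop": "7.1.1",
    "legacy": "5.6.8",
}

def triage(inventory):
    """Return the sorted names of sites running an affected release."""
    return sorted(n for n, v in inventory.items() if classify(v) == "affected")

if __name__ == "__main__":
    for name, ver in SAMPLE_INVENTORY.items():
        print(f"{name:10} {ver:10} {classify(ver)}")
```

A 'not-covered' result means only that this advisory does not address the version, not that the installation is safe.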
Detection
Send a crafted HTTP GET request and check whether it is able to read the cookie or not.