Cross-site scripting (XSS) vulnerability in the user-profile biography section in DotNetNuke (DNN)

GHSA-5c66-x4wm-rjfx · CVE-2016-7119

Published Oct 16, 2018 · Modified Nov 8, 2023

Description

Cross-site scripting (XSS) vulnerability in the user-profile biography section in DotNetNuke (DNN) before 8.0.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted onclick attribute in an IMG element.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2016-7119
ADVISORY https://github.com/advisories/GHSA-5c66-x4wm-rjfx
WEB http://www.dnnsoftware.com/community/security/security-center
WEB http://www.securityfocus.com/bid/92719

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes