Stored Cross-Site Scripting vulnerability in admin component of DotNetNuke

GHSA-5whq-j5qg-wjvp · CVE-2019-12562

Published Nov 18, 2019 · Modified Feb 16, 2024

Description

Cross-site scripting (XSS) is possible in DNN (formerly DotNetNuke) before 9.4.0 by remote authenticated users via the Display Name field in the admin notification function.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2019-12562
WEB https://mayaseven.com/cve-2019-12562-stored-cross-site-scripting-in-dotnetnuke-dnn-version-v9-3-2
WEB http://packetstormsecurity.com/files/154673/DotNetNuke-Cross-Site-Scripting.html

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes