DNN (DotNetNuke) < 5.2.0 SearchResults.aspx XSS

medium Nessus Plugin ID 42979

Synopsis

The remote web server contains an ASP.NET application that is affected by a cross-site scripting vulnerability.

Description

The version of DNN installed on the remote host is affected by a cross-site scripting vulnerability due to a failure to properly sanitize user-supplied input to the 'Search' parameter of the 'SearchResults.aspx' script before using it to generate dynamic HTML output. An unauthenticated, remote attacker can exploit this, via specially crafted search terms, to execute arbitrary script code in a user's browser session.

The installed version is also potentially affected by an information disclosure vulnerability, although Nessus has not tested for this.

Solution

Upgrade to DNN version 5.2.0 or later.

See Also

http://www.nessus.org/u?3d6aa7e2

https://www.dnnsoftware.com/community/security/security-center

Plugin Details

Severity: Medium

ID: 42979

File Name: dotnetnuke_search_page_xss.nasl

Version: 1.17

Type: remote

Published: 12/2/2009

Updated: 6/5/2024

Configuration: Enable thorough checks

Supported Sensors: Nessus

Enable CGI Scanning: true

Risk Information

VPR

Risk Factor: Low

Score: 3.0

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Information

CPE: cpe:/a:dotnetnuke:dotnetnuke

Required KB Items: installed_sw/DNN

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Ease: No exploit is required

Exploited by Nessus: true

Patch Publication Date: 11/26/2009

Vulnerability Publication Date: 11/26/2009

Reference Information

CVE: CVE-2009-4110

BID: 37139

CWE: 79

SECUNIA: 37480