DNN (DotNetNuke) Language Flag Selector Culture XSS

medium Nessus Plugin ID 66527

Synopsis

The remote web server contains an ASP.NET application that is affected by a cross-site scripting vulnerability.

Description

The version of DNN installed on the remote host is affected by a cross-site scripting vulnerability due to the application failing to properly sanitize user-supplied input when multiple languages are selected in the flag selector. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to execute arbitrary script code in a user's browser session.

Note that this issue is mitigated by the fact that exploitation requires more than one language to be enabled and the site to use the core language skin object.

Note also that the application is reportedly affected by an open-redirection vulnerability, although Nessus has not tested for this issue.

Solution

Upgrade to DNN version 6.2.7 / 7.0.5 or later.

See Also

http://www.nessus.org/u?b1cf7f79

https://www.dnnsoftware.com/community/security/security-center

Plugin Details

Severity: Medium

ID: 66527

File Name: dotnetnuke_language_flag_selector_xss.nasl

Version: 1.11

Type: remote

Published: 5/21/2013

Updated: 6/5/2024

Configuration: Enable thorough checks

Supported Sensors: Nessus

Enable CGI Scanning: true

Vulnerability Information

CPE: cpe:/a:dotnetnuke:dotnetnuke

Required KB Items: installed_sw/DNN

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Available: true

Exploit Ease: Exploits are available

Exploited by Nessus: true

Patch Publication Date: 4/3/2013

Vulnerability Publication Date: 4/3/2013

Reference Information

BID: 58903

CWE: 20, 442, 629, 711, 712, 722, 725, 74, 750, 751, 79, 800, 801, 809, 811, 864, 900, 928, 931, 990