DotNetNuke Cross Site Scripting and Security Bypass Vulnerabilities

Summary

DotNetNuke is prone to the following vulnerabilities:1. A security-bypass vulnerability.2. Multiple cross-site scripting vulnerabilities

Credit:

The original article can be found at: http://www.securityfocus.com/bid/54444
The information has been provided by Lei, Chris Hammond, Sunil Yadav via Secunia, Simon Meraner .


Details

Vulnerable Systems:
 * DotNetNuke DotNetNuke 6.0.2 s and prior

Successfully exploiting these issues may allow an attacker to bypass certain security restrictions, to execute arbitrary script code in the browser of an unsuspecting user, to steal cookie-based authentication credentials, and to perform certain administrative actions in the vulnerable application.

Vendor Status:
Currently we are not aware of any vendor-supplied patches

Disclosure Timeline:
Initial Release: Jul 13 2012

Categories: News