DotNetNuke Cross Site Scripting and Security Bypass Vulnerabilities


DotNetNuke is prone to the following vulnerabilities:1. A security-bypass vulnerability.2. Multiple cross-site scripting vulnerabilities


The original article can be found at:
The information has been provided by Lei, Chris Hammond, Sunil Yadav via Secunia, Simon Meraner .


Vulnerable Systems:
 * DotNetNuke DotNetNuke 6.0.2 s and prior

Successfully exploiting these issues may allow an attacker to bypass certain security restrictions, to execute arbitrary script code in the browser of an unsuspecting user, to steal cookie-based authentication credentials, and to perform certain administrative actions in the vulnerable application.

Vendor Status:
Currently we are not aware of any vendor-supplied patches

Disclosure Timeline:
Initial Release: Jul 13 2012

Categories: News