CVE-2013-3943

Dotnetnuke < 6.2.8 - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in DotNetNuke (DNN) before 6.2.9 and 7.x before 7.1.1 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to the Display Name field in the Manage Profile.

References (3)

[Vendor Advisory] http://secunia.com/advisories/53493

[Patch, Vendor Advisory] http://www.dnnsoftware.com/platform/manage/security-center

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/61809

Scores

EPSS 0.0021

EPSS Percentile 43.1%

Details

CWE

CWE-79

Status published

Products (50)

dotnetnuke/dotnetnuke < 6.2.8

dotnetnuke/dotnetnuke

... and 40 more

Published Mar 12, 2014

Tracked Since Feb 18, 2026