Description
DNN (formerly DotNetNuke) 9.1.1 allows cross-site scripting (XSS) via XML.
References (2)
Core 2
Core References
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/151304/DNN-9.1-XML-Related-Cross-Site-Scripting.html
Release Notes, Vendor Advisory x_refsource_misc
http://www.dnnsoftware.com/community/security/security-center
Scores
CVSS v3
6.1
EPSS
0.0048
EPSS Percentile
65.3%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (2)
dnnsoftware/dotnetnuke
9.1.1
nuget/DotNetNuke.Core
0NuGet
Published
Mar 21, 2019
Tracked Since
Feb 18, 2026