Vulnerability Details CVE-2005-0040
Multiple cross-site scripting (XSS) vulnerabilities in DotNetNuke before 3.0.12 allow remote attackers to inject arbitrary web script or HTML via the (1) register a new user page, (2) User-Agent, or (3) Username, which is not properly quoted before sending to the error log.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 66.2%
CVSS Severity
CVSS v2 Score 4.3
References
- http://marc.info/?l=bugtraq&m=111627180518591&w=2
- http://secunia.com/advisories/15397
- http://www.securityfocus.com/bid/13644
- http://www.securityfocus.com/bid/13646
- http://www.securityfocus.com/bid/13647
- http://www.woany.co.uk/advisories/dotnetnukexss.txt
- http://marc.info/?l=bugtraq&m=111627180518591&w=2
- http://secunia.com/advisories/15397
- http://www.securityfocus.com/bid/13644
- http://www.securityfocus.com/bid/13646
- http://www.securityfocus.com/bid/13647
- http://www.woany.co.uk/advisories/dotnetnukexss.txt
Products affected by CVE-2005-0040
-
cpe:2.3:a:dotnetnuke:dotnetnuke:1.0.10d
-
cpe:2.3:a:dotnetnuke:dotnetnuke:1.0.10e
-
cpe:2.3:a:dotnetnuke:dotnetnuke:1.0.6
-
cpe:2.3:a:dotnetnuke:dotnetnuke:1.0.7
-
cpe:2.3:a:dotnetnuke:dotnetnuke:1.0.8
-
cpe:2.3:a:dotnetnuke:dotnetnuke:1.0.9
-
cpe:2.3:a:dotnetnuke:dotnetnuke:2.1.1
-
cpe:2.3:a:dotnetnuke:dotnetnuke:2.1.2
-
cpe:2.3:a:dotnetnuke:dotnetnuke:3.0.11
-
cpe:2.3:a:dotnetnuke:dotnetnuke:3.0.7
-
cpe:2.3:a:dotnetnuke:dotnetnuke:3.0.8