Vulnerability Details CVE-2019-12562
Stored Cross-Site Scripting in DotNetNuke (DNN) Version before 9.4.0 allows remote attackers to store and embed the malicious script into the admin notification page. The exploit could be used to perfom any action with admin privileges such as managing content, adding users, uploading backdoors to the server, etc. Successful exploitation occurs when an admin user visits a notification page with stored cross-site scripting.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.387
EPSS Ranking 97.1%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
References
- http://packetstormsecurity.com/files/154673/DotNetNuke-Cross-Site-Scripting.html
- https://mayaseven.com/cve-2019-12562-stored-cross-site-scripting-in-dotnetnuke-dnn-version-v9-3-2/
- http://packetstormsecurity.com/files/154673/DotNetNuke-Cross-Site-Scripting.html
- https://mayaseven.com/cve-2019-12562-stored-cross-site-scripting-in-dotnetnuke-dnn-version-v9-3-2/
Products affected by CVE-2019-12562
-
cpe:2.3:a:dnnsoftware:dotnetnuke:7.1.2.164
-
cpe:2.3:a:dnnsoftware:dotnetnuke:7.1.2.165
-
cpe:2.3:a:dnnsoftware:dotnetnuke:7.1.2.166
-
cpe:2.3:a:dnnsoftware:dotnetnuke:7.1.2.167
-
cpe:2.3:a:dnnsoftware:dotnetnuke:7.1.2.168
-
cpe:2.3:a:dnnsoftware:dotnetnuke:7.1.2.169
-
cpe:2.3:a:dnnsoftware:dotnetnuke:7.1.2.170
-
cpe:2.3:a:dnnsoftware:dotnetnuke:7.1.2.171
-
cpe:2.3:a:dnnsoftware:dotnetnuke:7.1.2.172
-
cpe:2.3:a:dnnsoftware:dotnetnuke:7.1.2.173
-
cpe:2.3:a:dnnsoftware:dotnetnuke:7.1.2.174
-
cpe:2.3:a:dnnsoftware:dotnetnuke:7.1.2.175
-
cpe:2.3:a:dnnsoftware:dotnetnuke:7.1.2.176
-
cpe:2.3:a:dnnsoftware:dotnetnuke:7.1.2.177
-
cpe:2.3:a:dnnsoftware:dotnetnuke:7.1.2.178
-
cpe:2.3:a:dnnsoftware:dotnetnuke:7.1.2.179
-
cpe:2.3:a:dnnsoftware:dotnetnuke:7.1.2.180
-
cpe:2.3:a:dnnsoftware:dotnetnuke:7.1.2.181
-
cpe:2.3:a:dnnsoftware:dotnetnuke:7.1.2.182
-
cpe:2.3:a:dnnsoftware:dotnetnuke:7.1.2.183
-
cpe:2.3:a:dnnsoftware:dotnetnuke:7.1.2.184
-
cpe:2.3:a:dnnsoftware:dotnetnuke:7.1.2.185
-
cpe:2.3:a:dnnsoftware:dotnetnuke:7.1.2.186
-
cpe:2.3:a:dnnsoftware:dotnetnuke:7.1.2.187
-
cpe:2.3:a:dnnsoftware:dotnetnuke:7.1.2.188
-
cpe:2.3:a:dnnsoftware:dotnetnuke:7.1.2.189
-
cpe:2.3:a:dnnsoftware:dotnetnuke:7.1.2.190
-
cpe:2.3:a:dnnsoftware:dotnetnuke:7.1.2.191
-
cpe:2.3:a:dnnsoftware:dotnetnuke:7.1.2.192
-
cpe:2.3:a:dnnsoftware:dotnetnuke:7.1.2.193
-
cpe:2.3:a:dnnsoftware:dotnetnuke:7.1.2.194
-
cpe:2.3:a:dnnsoftware:dotnetnuke:7.1.2.195
-
cpe:2.3:a:dnnsoftware:dotnetnuke:7.1.2.196
-
cpe:2.3:a:dnnsoftware:dotnetnuke:7.1.2.197
-
cpe:2.3:a:dnnsoftware:dotnetnuke:7.1.2.198
-
cpe:2.3:a:dnnsoftware:dotnetnuke:7.1.2.199
-
cpe:2.3:a:dnnsoftware:dotnetnuke:7.1.2.200
-
cpe:2.3:a:dnnsoftware:dotnetnuke:7.1.2.201
-
cpe:2.3:a:dnnsoftware:dotnetnuke:7.1.2.202
-
cpe:2.3:a:dnnsoftware:dotnetnuke:7.1.2.203
-
cpe:2.3:a:dnnsoftware:dotnetnuke:7.1.2.204
-
cpe:2.3:a:dnnsoftware:dotnetnuke:7.1.2.205
-
cpe:2.3:a:dnnsoftware:dotnetnuke:7.1.2.206
-
cpe:2.3:a:dnnsoftware:dotnetnuke:7.1.2.207
-
cpe:2.3:a:dnnsoftware:dotnetnuke:7.1.2.208
-
cpe:2.3:a:dnnsoftware:dotnetnuke:7.1.2.209
-
cpe:2.3:a:dnnsoftware:dotnetnuke:7.1.2.210
-
cpe:2.3:a:dnnsoftware:dotnetnuke:7.1.2.211
-
cpe:2.3:a:dnnsoftware:dotnetnuke:7.1.2.212
-
cpe:2.3:a:dnnsoftware:dotnetnuke:7.1.2.213
-
cpe:2.3:a:dnnsoftware:dotnetnuke:7.1.2.214
-
cpe:2.3:a:dnnsoftware:dotnetnuke:7.1.2.215
-
cpe:2.3:a:dnnsoftware:dotnetnuke:7.1.2.216
-
cpe:2.3:a:dnnsoftware:dotnetnuke:7.1.2.217
-
cpe:2.3:a:dnnsoftware:dotnetnuke:7.1.2.218
-
cpe:2.3:a:dnnsoftware:dotnetnuke:7.1.2.219
-
cpe:2.3:a:dnnsoftware:dotnetnuke:7.1.2.220
-
cpe:2.3:a:dnnsoftware:dotnetnuke:7.1.2.221
-
cpe:2.3:a:dnnsoftware:dotnetnuke:7.1.2.222
-
cpe:2.3:a:dnnsoftware:dotnetnuke:7.1.2.223
-
cpe:2.3:a:dnnsoftware:dotnetnuke:7.1.2.224
-
cpe:2.3:a:dnnsoftware:dotnetnuke:7.1.2.225
-
cpe:2.3:a:dnnsoftware:dotnetnuke:7.1.2.226
-
cpe:2.3:a:dnnsoftware:dotnetnuke:7.1.2.227
-
cpe:2.3:a:dnnsoftware:dotnetnuke:7.1.2.228
-
cpe:2.3:a:dnnsoftware:dotnetnuke:7.2.0.607
-
cpe:2.3:a:dnnsoftware:dotnetnuke:7.2.1.367
-
cpe:2.3:a:dnnsoftware:dotnetnuke:7.3.0.499
-
cpe:2.3:a:dnnsoftware:dotnetnuke:7.3.1.20
-
cpe:2.3:a:dnnsoftware:dotnetnuke:7.3.2.109
-
cpe:2.3:a:dnnsoftware:dotnetnuke:7.3.3.118
-
cpe:2.3:a:dnnsoftware:dotnetnuke:7.3.4.45
-
cpe:2.3:a:dnnsoftware:dotnetnuke:7.4.0.353
-
cpe:2.3:a:dnnsoftware:dotnetnuke:7.5.0.875
-
cpe:2.3:a:dnnsoftware:dotnetnuke:7.5.0.885
-
cpe:2.3:a:dnnsoftware:dotnetnuke:8.0.0
-
cpe:2.3:a:dnnsoftware:dotnetnuke:8.0.1
-
cpe:2.3:a:dnnsoftware:dotnetnuke:8.0.2
-
cpe:2.3:a:dnnsoftware:dotnetnuke:8.0.3
-
cpe:2.3:a:dnnsoftware:dotnetnuke:8.0.4
-
cpe:2.3:a:dnnsoftware:dotnetnuke:9.0.0
-
cpe:2.3:a:dnnsoftware:dotnetnuke:9.0.1
-
cpe:2.3:a:dnnsoftware:dotnetnuke:9.0.2
-
cpe:2.3:a:dnnsoftware:dotnetnuke:9.1.0
-
cpe:2.3:a:dnnsoftware:dotnetnuke:9.1.1
-
cpe:2.3:a:dnnsoftware:dotnetnuke:9.2
-
cpe:2.3:a:dnnsoftware:dotnetnuke:9.2.0
-
cpe:2.3:a:dnnsoftware:dotnetnuke:9.2.1
-
cpe:2.3:a:dnnsoftware:dotnetnuke:9.2.2
-
cpe:2.3:a:dnnsoftware:dotnetnuke:9.3.0
-
cpe:2.3:a:dnnsoftware:dotnetnuke:9.3.1
-
cpe:2.3:a:dnnsoftware:dotnetnuke:9.3.2