Vulnerability Description
Stored Cross-Site Scripting in DotNetNuke (DNN) Version before 9.4.0 allows remote attackers to store and embed the malicious script into the admin notification page. The exploit could be used to perfom any action with admin privileges such as managing content, adding users, uploading backdoors to the server, etc. Successful exploitation occurs when an admin user visits a notification page with stored cross-site scripting.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dnnsoftware | Dotnetnuke | < 9.4.0 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/154673/DotNetNuke-Cross-Site-Scripting.html
- https://mayaseven.com/cve-2019-12562-stored-cross-site-scripting-in-dotnetnuke-dExploitThird Party Advisory
- http://packetstormsecurity.com/files/154673/DotNetNuke-Cross-Site-Scripting.html
- https://mayaseven.com/cve-2019-12562-stored-cross-site-scripting-in-dotnetnuke-dExploitThird Party Advisory
FAQ
What is CVE-2019-12562?
CVE-2019-12562 is a vulnerability with a CVSS score of 6.1 (MEDIUM). Stored Cross-Site Scripting in DotNetNuke (DNN) Version before 9.4.0 allows remote attackers to store and embed the malicious script into the admin notification page. The exploit could be used to perf...
How severe is CVE-2019-12562?
CVE-2019-12562 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-12562?
Check the references section above for vendor advisories and patch information. Affected products include: Dnnsoftware Dotnetnuke.