Cross-site scripting (XSS) vulnerability in the user-profile biography section in DotNetNuke (DNN) before 8.0.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted onclick attribute in an IMG element.
{
"unresolved_ranges": [
{
"cpes": [
"cpe:2.3:a:dnnsoftware:dotnetnuke:*:*:*:*:*:*:*:*"
],
"extracted_events": [
{
"last_affected": "08.00.04"
}
],
"vendor_product": "dnnsoftware:dotnetnuke",
"source": "CPE_RANGE"
}
]
}