CVE-2019-12562

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2019-12562

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-12562.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2019-12562

Aliases

GHSA-5whq-j5qg-wjvp

Published

2019-09-26T20:15:11Z

Modified

2024-09-03T02:24:59.948546Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Stored Cross-Site Scripting in DotNetNuke (DNN) Version before 9.4.0 allows remote attackers to store and embed the malicious script into the admin notification page. The exploit could be used to perfom any action with admin privileges such as managing content, adding users, uploading backdoors to the server, etc. Successful exploitation occurs when an admin user visits a notification page with stored cross-site scripting.

References

Affected packages

Git / github.com/dnnsoftware/dnn.platform

Affected ranges

Type: GIT
Repo: https://github.com/dnnsoftware/dnn.platform
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

7fb9a107f630496b0c8cccbec5a0bd91865ae473

Affected versions

v7.*

v7.2.1.367-stable

v7.3.2.109-stable

v9.*

v9.1.0

v9.2.0

v9.2.1

v9.2.1-rc0

v9.2.1-rc1

v9.2.2

v9.2.2-rc0

v9.2.2-rc1

v9.2.2-rc2

v9.2.2-rc3

v9.3.0

v9.3.0-rc0

v9.3.0-rc1

v9.3.0-rc2

v9.3.1

v9.3.1-rc0

v9.3.2

v9.3.2-rc0

v9.4.0-rc0

v9.4.0-rc1