CVE-2013-4649
medium
CVSS v3
—
CVSS v2
4.3
VIR risk
4.3
Description
DotNetNuke (DNN) Cross-site scripting (XSS) vulnerability via the __dnnVariable parameter
Predictions
Exploit likelihood
20%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: cve@mitre.org — http://www.dnnsoftware.com/platform/manage/security-center
Vendor advisory: cve@mitre.org — http://secunia.com/advisories/53493
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| NuGet | DotNetNuke.Core | <6.2.9 | 6.2.9 |
| NuGet | DotNetNuke.Core | >=7.0,<7.1.1 | 7.1.1 |
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| dnnsoftware | dotnetnuke | <=6.2.8 | |
| dnnsoftware | dotnetnuke | 1.0.6 | |
| dnnsoftware | dotnetnuke | 1.0.7 | |
| dnnsoftware | dotnetnuke | 1.0.8 | |
| dnnsoftware | dotnetnuke | 1.0.9 | |
| dnnsoftware | dotnetnuke | 1.0.10d | |
| dnnsoftware | dotnetnuke | 1.0.10e | |
| dnnsoftware | dotnetnuke | 2.1.1 | |
| dnnsoftware | dotnetnuke | 2.1.2 | |
| dnnsoftware | dotnetnuke | 3.0.7 | |
| dnnsoftware | dotnetnuke | 3.0.8 | |
| dnnsoftware | dotnetnuke | 3.0.11 | |
| dnnsoftware | dotnetnuke | 3.1.0 | |
| dnnsoftware | dotnetnuke | 3.3.5 | |
| dnnsoftware | dotnetnuke | 4.0 | |
| dnnsoftware | dotnetnuke | 4.3.5 | |
| dnnsoftware | dotnetnuke | 4.4.1 | |
| dnnsoftware | dotnetnuke | 4.5.2 | |
| dnnsoftware | dotnetnuke | 4.5.4 | |
| dnnsoftware | dotnetnuke | 4.5.5 | |
| dnnsoftware | dotnetnuke | 4.6.0 | |
| dnnsoftware | dotnetnuke | 4.6.1 | |
| dnnsoftware | dotnetnuke | 4.6.2 | |
| dnnsoftware | dotnetnuke | 4.7.0 | |
| dnnsoftware | dotnetnuke | 4.8.0 | |
| dnnsoftware | dotnetnuke | 4.8.1 | |
| dnnsoftware | dotnetnuke | 4.8.2 | |
| dnnsoftware | dotnetnuke | 4.8.3 | |
| dnnsoftware | dotnetnuke | 4.8.4 | |
| dnnsoftware | dotnetnuke | 4.9 | |
| dnnsoftware | dotnetnuke | 4.9.1 | |
| dnnsoftware | dotnetnuke | 4.9.2 | |
| dnnsoftware | dotnetnuke | 5.0 | |
| dnnsoftware | dotnetnuke | 5.1 | |
| dnnsoftware | dotnetnuke | 5.1.1 | |
| dnnsoftware | dotnetnuke | 5.1.2 | |
| dnnsoftware | dotnetnuke | 5.1.3 | |
| dnnsoftware | dotnetnuke | 5.1.4 | |
| dnnsoftware | dotnetnuke | 5.05.01 | |
| dnnsoftware | dotnetnuke | 5.06.00 | |
| dnnsoftware | dotnetnuke | 6.0.0 | |
| dnnsoftware | dotnetnuke | 6.0.1 | |
| dnnsoftware | dotnetnuke | 6.0.2 | |
| dnnsoftware | dotnetnuke | 6.1.0 | |
| dnnsoftware | dotnetnuke | 6.1.1 | |
| dnnsoftware | dotnetnuke | 6.1.2 | |
| dnnsoftware | dotnetnuke | 6.1.3 | |
| dnnsoftware | dotnetnuke | 6.1.4 | |
| dnnsoftware | dotnetnuke | 6.1.5 | |
| dnnsoftware | dotnetnuke | 6.2.0 | |
| dnnsoftware | dotnetnuke | 6.2.1 | |
| dnnsoftware | dotnetnuke | 6.2.2 | |
| dnnsoftware | dotnetnuke | 6.2.3 | |
| dnnsoftware | dotnetnuke | 6.2.4 | |
| dnnsoftware | dotnetnuke | 6.2.5 | |
| dnnsoftware | dotnetnuke | 6.2.6 | |
| dnnsoftware | dotnetnuke | 6.2.7 | |
| dnnsoftware | dotnetnuke | 7.0.0 | |
| dnnsoftware | dotnetnuke | 7.0.1 | |
| dnnsoftware | dotnetnuke | 7.0.2 | |
| dnnsoftware | dotnetnuke | 7.0.3 | |
| dnnsoftware | dotnetnuke | 7.0.4 | |
| dnnsoftware | dotnetnuke | 7.0.5 | |
| dnnsoftware | dotnetnuke | 7.0.6 | |
| dnnsoftware | dotnetnuke | 7.1.0 | |
References
- http://packetstormsecurity.com/files/122792/DotNetNuke-DNN-7.1.0-6.2.8-Cross-Site-Scripting.html
- http://secunia.com/advisories/53493
- http://www.dnnsoftware.com/platform/manage/security-center
- https://exchange.xforce.ibmcloud.com/vulnerabilities/86432
- https://nvd.nist.gov/vuln/detail/CVE-2013-4649
- https://github.com/dnnsoftware/Dnn.Platform
CWEs
CWE-79