Описание
DNN.PLATFORM Allows Stored Cross-Site Scripting (XSS) in Activity Feed
DNN.PLATFORM allows a specially crafted request can inject scripts in the Activity Feed Attachments endpoint which will then render in the feed, resulting in a cross-site scripting attack. This vulnerability is fixed in 10.0.1.
Пакеты
DNN.PLATFORM
>= 6.0.0, < 10.0.1
10.0.1
Связанные уязвимости
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. In versions 6.0.0 to before 10.0.1, DNN.PLATFORM allows a specially crafted request to inject scripts in the Activity Feed Attachments endpoint which will then render in the feed. This issue has been patched in version 10.0.1.
Уязвимость сценария /Activity-Feed/userId/{user_id} CMS-системы DNN, позволяющая нарушителю провести атаку межсайтового скриптинга (XSS)