exploitDog

CVE-2019-12562

Опубликовано: 26 сент. 2019

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Средний

Описание

Stored Cross-Site Scripting in DotNetNuke (DNN) Version before 9.4.0 allows remote attackers to store and embed the malicious script into the admin notification page. The exploit could be used to perfom any action with admin privileges such as managing content, adding users, uploading backdoors to the server, etc. Successful exploitation occurs when an admin user visits a notification page with stored cross-site scripting.

Ссылки

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:dnnsoftware:dotnetnuke:*:*:*:*:*:*:*:*

Версия до 9.4.0 (исключая)

EPSS

Процентиль: 97%

0.38668

Средний

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-5whq-j5qg-wjvp

CVSS3: 6.1

github

около 6 лет назад

Stored Cross-Site Scripting vulnerability in admin component of DotNetNuke

EPSS

Процентиль: 97%

0.38668

Средний

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79