exploitDog

CVE-2021-31858

Опубликовано: 20 июл. 2022

Источник: nvd

CVSS3: 5.4

EPSS Низкий

Описание

DotNetNuke (DNN) 9.9.1 CMS is vulnerable to a Stored Cross-Site Scripting vulnerability in the user profile biography section which allows remote authenticated users to inject arbitrary code via a crafted payload.

Ссылки

https://labs.integrity.pt/advisories/cve-2021-31858/
Third Party Advisory
https://www.dnnsoftware.com/community/security/security-center
Vendor Advisory
https://labs.integrity.pt/advisories/cve-2021-31858/
Third Party Advisory
https://www.dnnsoftware.com/community/security/security-center
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:dnnsoftware:dotnetnuke:*:*:*:*:*:*:*:*

Версия до 9.10.2 (включая)

EPSS

Процентиль: 46%

0.00234

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-3xxp-73wf-27cp

CVSS3: 5.4

github

больше 3 лет назад

DotNetNuke (DNN) 9.9.1 CMS is vulnerable to a Stored Cross-Site Scripting vulnerability in the user profile biography section which allows remote authenticated users to inject arbitrary code via a crafted payload.

EPSS

Процентиль: 46%

0.00234

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79