CVE-2019-12562
Last modified
CVE-2019-12562 is a medium-severity vulnerability rated 6.1/10 on the CVSS scale. Stored cross-site scripting in DotNetNuke (DNN) versions before 9.4.0 allows remote attackers to store and embed a malicious script in the admin notification page. The exploit could be used to perform any action with admin privileges, such as managing content, adding users, uploading backdoors to the server, etc. EPSS estimates a 6.17% chance of exploitation in the next 30 days.
Description
Stored cross-site scripting in DotNetNuke (DNN) versions before 9.4.0 allows remote attackers to store and embed a malicious script in the admin notification page. The exploit could be used to perform any action with admin privileges, such as managing content, adding users, uploading backdoors to the server, etc. Successful exploitation occurs when an admin user visits a notification page containing the stored cross-site scripting payload.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Dnnsoftware | Dotnetnuke | < 9.4.0 |
References
- https://mayaseven.com/cve-2019-12562-stored-cross-site-scripting-in-dotnetnuke-dnn-version-v9-3-2/ (Exploit, Third Party Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
