Check: 2015-B-0021
Windows 2012 IAVM:
2015-B-0021
(in version v1 r30)
Title
DotNetNuke Cross-Site Scripting Vulnerability (Cat I impact)
Discussion
DotNetNuke has released a security bulletin addressing a vulnerability affecting DotNetNuke. DotNetNuke is an open-source framework for creating and deploying websites. To exploit this vulnerability, an attacker would convince a user to access a URL pointing to a location where malicious content is housed. If successfully exploited, this vulnerability would allow an attacker to perform a cross-site scripting attack and execute arbitrary code in the users browser in the context of the affected site.
Check Content
Fix Text
Additional Identifiers
Rule ID:
Vulnerability ID: V-58763
Group Title:
Expert Comments
Expert comments are only available to logged-in users.
CCIs
CCIs tied to check.
| Number | Definition |
|---|---|
| No CCIs are assigned to this check |
Controls
Controls tied to check. These are derived from the CCIs shown above.
| Number | Title |
|---|---|
| No controls are assigned to this check |