Lucene search

GitHub Advisory DatabaseGHSA-MJ48-F959-PQPH

HistoryMay 17, 2022 - 4:49 a.m.

DotNetNuke (DNN) Open redirect vulnerability

2022-05-1704:49:44

CWE-20

CWE-601

GitHub Advisory Database

github.com

dotnetnuke

open redirect vulnerability

remote attackers

phishing attacks

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

EPSS

0.003

Percentile

65.7%

JSON

Open redirect vulnerability in DotNetNuke (DNN) before 6.2.9 and 7.x before 7.1.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

Affected configurations

Vulners

Node

dotnetnuke.coreRange7.0–7.1.1

dotnetnuke.coreRange<6.2.9

VendorProductVersionCPE
*dotnetnuke.core*cpe:2.3:a:*:dotnetnuke.core:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
*	dotnetnuke.core	*	cpe:2.3:a::dotnetnuke.core::::::::*

References

www.dnnsoftware.com/platform/manage/security-center

www.securityfocus.com/bid/61809

github.com/advisories/GHSA-mj48-f959-pqph

nvd.nist.gov/vuln/detail/CVE-2013-7335

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

EPSS

0.003

Percentile

65.7%

JSON

Related for GHSA-MJ48-F959-PQPH