Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2013-2024 and is owned by Tenable, Inc. or an Affiliate thereof.DOTNETNUKE_6_2_9.NASL
HistoryOct 03, 2013 - 12:00 a.m.

DNN (DotNetNuke) < 6.2.9 / 7.1.1 Multiple Vulnerabilities

2013-10-0300:00:00
This script is Copyright (C) 2013-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
53

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.9

Confidence

High

EPSS

0.003

Percentile

65.7%

JSON

The version of DNN installed on the remote host is affected by multiple vulnerabilities :

  • The application is affected by a persistent cross-site scripting vulnerability because input to the ‘Display Name’ in the ‘Manage Profile’ view is not properly sanitized. (CVE-2013-3943)

  • The application is affected by a cross-site scripting vulnerability because user-supplied input to the ‘__dnnVariable’ parameter is not properly sanitized.
    (CVE-2013-4649)

  • An unspecified open redirect flaw exists that can allow an attacker to perform a phishing attack by enticing a user to click on a malicious URL.
    (CVE-2013-7335)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(70294);
  script_version("1.14");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/06/05");

  script_cve_id("CVE-2013-3943", "CVE-2013-4649", "CVE-2013-7335");
  script_bugtraq_id(61770, 61809);

  script_name(english:"DNN (DotNetNuke) < 6.2.9 / 7.1.1 Multiple Vulnerabilities");

  script_set_attribute(attribute:"synopsis", value:
"The remote web server contains an ASP.NET application that is affected
by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of DNN installed on the remote host is affected by
multiple vulnerabilities :

  - The application is affected by a persistent cross-site
    scripting vulnerability because input to the
    'Display Name' in the 'Manage Profile' view is not
    properly sanitized. (CVE-2013-3943)

  - The application is affected by a cross-site scripting
    vulnerability because user-supplied input to the
    '__dnnVariable' parameter is not properly sanitized.
    (CVE-2013-4649)

  - An unspecified open redirect flaw exists that can
    allow an attacker to perform a phishing attack by
    enticing a user to click on a malicious URL.
    (CVE-2013-7335)

Note that Nessus has not tested for these issues but has instead
relied only on the application's self-reported version number.");
  script_set_attribute(attribute:"see_also", value:"https://www.dnnsoftware.com/community/security/security-center");
  script_set_attribute(attribute:"solution", value:
"Upgrade to DNN version 6.2.9 / 7.1.1 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);

  script_set_attribute(attribute:"vuln_publication_date", value:"2013/08/13");
  script_set_attribute(attribute:"patch_publication_date", value:"2013/08/13");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/10/03");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:dotnetnuke:dotnetnuke");
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_set_attribute(attribute:"enable_cgi_scanning", value:"true");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CGI abuses");

  script_copyright(english:"This script is Copyright (C) 2013-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("dotnetnuke_detect.nasl");
  script_require_keys("installed_sw/DNN");
  script_exclude_keys("Settings/disable_cgi_scanning");
  script_require_ports("Services/www", 80);

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");
include("install_func.inc");

app = "DNN";
get_install_count(app_name:app, exit_if_zero:TRUE);

port = get_http_port(default:80, asp:TRUE);

install = get_single_install(
  app_name : app,
  port     : port,
  exit_if_unknown_ver : TRUE
);

dir = install['path'];
version = install['version'];

install_url = build_url(qs:dir, port:port);

if (version =~ '(^6(\\.2)?$)|(^7(\\.1)?$)')
  audit(AUDIT_VER_NOT_GRANULAR, app, port, version);

fix = NULL;

# Versions less than 6.2.9 / 7.1.1 are vulnerable
if (version =~ "^[0-5]\.")
  fix = "6.2.9 / 7.1.1";
else if (version =~ "^6\." && (ver_compare(ver:version, fix:'6.2.9', strict:FALSE) == -1))
  fix = "6.2.9";
else if (version =~ "^7\." && (ver_compare(ver:version, fix:'7.1.1', strict:FALSE) == -1))
  fix = "7.1.1";

if (!isnull(fix))
{
  set_kb_item(name:"www/"+port+"/XSS", value:TRUE);
  if (report_verbosity > 0)
  {
    report =
      '\n  URL               : ' +install_url+
      '\n  Installed version : ' +version+
      '\n  Fixed version     : ' +fix+ '\n';
    security_warning(port:port, extra:report);
  }
  else security_warning(port);
}
else audit(AUDIT_WEB_APP_NOT_AFFECTED, app, install_url, version);

Related

openvas 1
cvelist 3
veracode 3
nvd 3
prion 3
cve 3
osv 2
github 2
packetstorm 1
nessus 1
openvas
openvas
DotNetNuke 6.x < 6.2.9, 7.x < 7.1.1 Redirection Weakness and XSS Vulnerabilities
2013-08-21 00:00:00
cvelist
cvelist
CVE-2013-7335
2014-03-12 14:00:00
CVE-2013-3943
2014-03-12 14:00:00
CVE-2013-4649
2014-03-12 14:00:00
veracode
veracode
Open Redirection
2018-11-16 02:32:49
Cross-Site Scripting (XSS)
2018-11-16 01:56:11
Cross-Site Scripting (XSS)
2018-11-16 02:04:59
nvd
nvd
CVE-2013-7335
2014-03-12 14:55:30
CVE-2013-3943
2014-03-12 14:55:30
CVE-2013-4649
2014-03-12 14:55:30
prion
prion
Open redirect
2014-03-12 14:55:00
Cross site scripting
2014-03-12 14:55:00
Cross site scripting
2014-03-12 14:55:00
cve
cve
CVE-2013-3943
2014-03-12 14:55:30
CVE-2013-7335
2014-03-12 14:55:30
CVE-2013-4649
2014-03-12 14:55:30
osv
osv
DotNetNuke (DNN) Open redirect vulnerability
2022-05-17 04:49:44
DotNetNuke (DNN) Cross-site scripting (XSS) vulnerability via the __dnnVariable parameter
2022-05-17 01:33:02
github
github
DotNetNuke (DNN) Open redirect vulnerability
2022-05-17 04:49:44
DotNetNuke (DNN) Cross-site scripting (XSS) vulnerability via the __dnnVariable parameter
2022-05-17 01:33:02
packetstorm
packetstorm
DotNetNuke (DNN) 7.1.0 / 6.2.8 Cross Site Scripting
2013-08-13 00:00:00
nessus
nessus
DNN (DotNetNuke) __dnnVariable Parameter XSS
2013-08-16 00:00:00

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.9

Confidence

High

EPSS

0.003

Percentile

65.7%

JSON
Related for DOTNETNUKE_6_2_9.NASL
openvas1cvelist3veracode3nvd3prion3cve3osv2github2packetstorm1nessus1