DotNetNuke.Core is vulnerable to cross-site scripting. A remote attacker is able to inject arbitrary Javascript into a victim’s browser to steal session tokens or perform unwanted actions on behalf of the user via the __dnnVariable
parameter to the default URI.
packetstormsecurity.com/files/122792/DotNetNuke-DNN-7.1.0-6.2.8-Cross-Site-Scripting.html
secunia.com/advisories/53493
www.dnnsoftware.com/platform/manage/security-center
exchange.xforce.ibmcloud.com/vulnerabilities/86432
packetstormsecurity.com/files/122792/DotNetNuke-DNN-7.1.0-6.2.8-Cross-Site-Scripting.html