DotNetNuke User Registration Information HTML Injection Vulnerability
BID:13644
Info
DotNetNuke User Registration Information HTML Injection Vulnerability
| Bugtraq ID: | 13644 |
| Class: | Input Validation Error |
| CVE: |
CVE-2005-0040 |
| Remote: | Yes |
| Local: | No |
| Published: | May 16 2005 12:00AM |
| Updated: | Jul 12 2009 02:56PM |
| Credit: | "Mark Woan" <[email protected]> is credited with the discovery of this vulnerability. |
| Vulnerable: |
DotNetNuke DotNetNuke 3.0.8 DotNetNuke DotNetNuke 3.0.7 DotNetNuke DotNetNuke 2.1.2 DotNetNuke DotNetNuke 2.1.1 DotNetNuke DotNetNuke 1.0.10 e DotNetNuke DotNetNuke 1.0.10 d DotNetNuke DotNetNuke 1.0.9 DotNetNuke DotNetNuke 1.0.8 DotNetNuke DotNetNuke 1.0.7 DotNetNuke DotNetNuke 1.0.6 DirectTopics.nl DirectTopics 2.2 DirectTopics.nl DirectTopics 2.1 DirectTopics.nl DirectTopics DT 2final DirectTopics.nl DirectTopics DT 2beta |
| Not Vulnerable: |
DotNetNuke DotNetNuke 3.1 .0 |
Discussion
DotNetNuke User Registration Information HTML Injection Vulnerability
DotNetNuke is prone to an HTML-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content. Specifically, the application fails to sanitize user-supplied input that is supplied while registering a user, allowing script or HTML code to be included in user-information pages.
DotNetNuke is prone to an HTML-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content. Specifically, the application fails to sanitize user-supplied input that is supplied while registering a user, allowing script or HTML code to be included in user-information pages.
Exploit / POC
DotNetNuke User Registration Information HTML Injection Vulnerability
No exploit is required.
No exploit is required.
Solution / Fix
DotNetNuke User Registration Information HTML Injection Vulnerability
Solution:
Reports indicate that a fix is available to address this vulnerability. Symantec has not confirmed this. Please contact the vendor for further information.
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Reports indicate that a fix is available to address this vulnerability. Symantec has not confirmed this. Please contact the vendor for further information.
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
DotNetNuke User Registration Information HTML Injection Vulnerability
References:
References:
- DirectTopics Homepage (DirectTopics.nl)
- DotNetNuke Homepage (DotNetNuke)
- Directtopics Multiple Vulnerabilities (Security Advisory) (Morinex Eneco
)