发布时间 :2005-05-19 00:00:00
修订时间 :2016-10-17 23:07:32

[原文]Multiple cross-site scripting (XSS) vulnerabilities in DotNetNuke before 3.0.12 allow remote attackers to inject arbitrary web script or HTML via the (1) register a new user page, (2) User-Agent, or (3) Username, which is not properly quoted before sending to the error log.



- CVSS (基础分值)

CVSS分值: 4.3 [中等(MEDIUM)]
机密性影响: [--]
完整性影响: [--]
可用性影响: [--]
攻击复杂度: [--]
攻击向量: [--]
身份认证: [--]

- CPE (受影响的平台与产品)


- OVAL (用于检测的技术细节)


- 官方数据库链接
(官方数据源) MITRE
(官方数据源) NVD
(官方数据源) CNNVD

- 其它链接及资源
(UNKNOWN)  BUGTRAQ  20050516 DotNetNuke (Multiple XSS)
(UNKNOWN)  BID  13644
(UNKNOWN)  BID  13646
(UNKNOWN)  BID  13647

- 漏洞信息

中危 跨站脚本
2005-05-19 00:00:00 2005-10-20 00:00:00

- 公告与补丁


- 漏洞信息 (F39266)

dotnetnukexss.txt (PacketStormID:F39266)
2005-08-14 00:00:00
Mark Woan

DotNetNuke versions below 3.0.12 suffer from multiple cross site scripting flaws.

Security Advisory

    Advisory Name: Multiple DotNetNuke Cross Site Scripting (XSS)
     Release Date: 16/05/2005
      Application: DotNetNuke (Multiple versions affected)
         Platform: Microsoft Windows
Versions Affected: Versions below 3.0.12
         Severity: Allows unauthenticated cross site scripting attacks
           Author: Mark Woan (m.woan[at]
    Vendor Status: Informed and patch available
    CVE Candidate: CAN-2005-0040


DotNetNuke is an Open Source hybrid of the IBuySpy Portal. Its management
team is dedicated to the ongoing management of core portal application
DotNetNuke provides automated content management capabilities and tools to
maintain a dynamic and 100% interactive data-driven web site.


Issue 1 (XSS)
There is a vulnerability caused by the lack of input validation when
registering a new user within a DotNetNuke portal. An attacker could use a
cross site scripting
(XSS) attack when registering a new user, when the View All User Details
page the malicious code will be executed, resulting in the capture of
Administrative session credentials. Versions prior to 3.0.12 appear to be

Issue 2 (Secondary XSS)
The User-Agent string sent with each request is stored for logging purposes.
This data comes from the client and cannot be trusted, and therefore must be
An attacker could set the User-Agent string for the request to malicious
script code, which would be logged and executed when any logs are viewed
that contain the User-Agent field. This attack can be utilised by an
unauthenticated user simply requesting the root page. 

Issue 3 (Secondary XSS)
The failed logon Username is stored and displayed on the Log Viewer page. An
attacker can send a Logon request with malicious script set as the parameter
value, the script passed in the parameter will be executed when an
Administrative user views the Log Viewer page or any log page that displays
the failed logon Username.

Vendor Response:

05-01-2005 Contacted core development team via email
10-01-2005 Response from vendor received and confirmed
10-01-2005 Second mail sent regarding more issues
13-01-2005 Sent email asking for confirmation of second email (No vendor
12-03-2005 DotNetNuke v3.0.12 released (All reported security issues fixed)


Users should install DotNetNuke v3.0.12 or greater.

Thanks to NISCC ( for their help assigning the CVE


- 漏洞信息

DotNetNuke New User Registration XSS
Remote / Network Access Input Manipulation
Loss of Integrity

- 漏洞描述

Unknown or Incomplete

- 时间线

2005-05-16 2005-01-05
Unknow Unknow

- 解决方案

Unknown or Incomplete

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

DotNetNuke Failed Logon Username Application Logs HTML Injection Vulnerability
Input Validation Error 13647
Yes No
2005-05-16 12:00:00 2009-07-12 02:56:00
"Mark Woan" <> is credited with the discovery of this vulnerability.

- 受影响的程序版本

DotNetNuke DotNetNuke 3.0.8
DotNetNuke DotNetNuke 3.0.7
DotNetNuke DotNetNuke 2.1.2
DotNetNuke DotNetNuke 2.1.1
DotNetNuke DotNetNuke 1.0.10 e
DotNetNuke DotNetNuke 1.0.10 d
DotNetNuke DotNetNuke 1.0.9
DotNetNuke DotNetNuke 1.0.8
DotNetNuke DotNetNuke 1.0.7
DotNetNuke DotNetNuke 1.0.6
DotNetNuke DotNetNuke 3.1 .0

- 不受影响的程序版本

DotNetNuke DotNetNuke 3.1 .0

- 漏洞讨论

DotNetNuke is prone to an HTML-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content. Specifically, the application fails to sanitize user-supplied input that is supplied as a failed logon Username string value, allowing script or HTML code to be included in application log files.

- 漏洞利用

No exploit is required.

- 解决方案

Reports indicate that a fix is available to address this vulnerability. Symantec has not confirmed this. Please contact the vendor for further information.

Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: <>.

- 相关参考