CVE-2021-31858

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in nuget/DotNetNuke.Core

Identifiers

CVE-2021-31858

Package Slug

nuget/DotNetNuke.Core

Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Description

DotNetNuke (DNN) 9.9.1 CMS is vulnerable to a Stored Cross-Site Scripting vulnerability in the user profile biography section which allows remote authenticated users to inject arbitrary code via a crafted payload.

Affected Versions

All versions up to 9.10.2

Solution

Unfortunately, there is no solution available yet.

Last Modified

2022-07-27

source