EasyDNNnews Cross Site Scripting
Posted on 14 January 2016
Details ======= Product: EasyDNNnews Vulnerability: Reflected XSS Author: Peter Lapp, lappsec () gmail com CVE: None Vulnerable Versions: <7.5 Fixed Version: 7.5 Summary ======= >From the vendor's website: "EasyDNNnews is a very powerful DotNetNuke module that enables non-technical users to publish and manage articles, news, press releases, stories and editorials." During an engagement it was discovered that reflected XSS could be achieved in two locations by appending a bogus GET parameter that contained JavaScript in the parameter name. After alerting EasyDNNsolutions of the vulnerability, they informed me that one of the vulnerabilities had already been fixed and the other would be fixed in an upcoming release. Example ================= http://targetsite.com/Blog/Details/blog-post?%3C/script%3E%3Cscript%3Ealert%280%29%3C/script%3E=1 Solution ======== Upgrade to 7.5 Timeline ======== 08/31/15 - Contacted EasyDNNnews about the vulnerability. 09/01/15 - Vendor responds and says the first vulnerability has been fixed and the other will be in the next release, which was 7.5.