CVE-2021-31858 Stored Cross-Site Scripting in DotNetNuke

1. Vulnerability Properties

Title: Stored Cross-Site Scripting in DotNetNuke
CVE ID: CVE-2021-31858
CVSSv3 Base Score: 5.4 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)
Vendor: DNNSoftware
Products: DotNetNuke
Advisory Release Date: 19-07-2022
Advisory URL: https://labs.integrity.pt/advisories/cve-2021-31858
Credits: Discovery by Bruno Barreirinhas <bb[at]integrity.pt>

2. Vulnerability Summary

DotNetNuke CMS is vulnerable to Stored Cross-Site Scripting in the biography section of the user profile, which allows remote authenticated users to inject JavaScript and/or HTML via a crafted payload.
Any subsequent request to the attacker’s user profile page retrieves the malicious content and triggers the vulnerability in the victim’s browser.

3. Vulnerable Versions

  • <= 9.10.2

4. Solutions

Until an official patch is released, it’s recommended that affected users take one of the following actions:

  • Disable the user profile page in Settings > Site Behavior > Default Pages > User Profile Page
  • Set the user profile visibility mode to Admin Only in Settings > Site Behavior > User Profiles > User Profile Settings
  • Disable the user profile Biography field in Settings > Site Behavior > User Profiles > User Profile Fields
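
The settings above hide or disable the biography field; they do not show whether markup is already stored in existing profiles. The following is an added example, not part of the original advisory or of DNN's code, that audits biography values for active HTML content. The input shape (pairs of user ID and biography text exported from the site), the tag and attribute lists, and the sample rows are assumptions constructed for illustration.

```python
import html
from html.parser import HTMLParser

# Elements and attributes that can run or load active content when rendered.
ACTIVE_TAGS = {"script", "iframe", "object", "embed", "svg", "math",
               "base", "form", "meta", "link", "style"}
URL_ATTRS = {"href", "src", "action", "formaction", "xlink:href", "data"}
ACTIVE_SCHEMES = ("javascript:", "vbscript:", "data:")

class ActiveContentFinder(HTMLParser):
    """Collects findings; HTMLParser lowercases names and decodes entities."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag in ACTIVE_TAGS:
            self.findings.append(f"tag:{tag}")
        for name, value in attrs:
            if name.startswith("on"):  # onerror, onload, onclick, ...
                self.findings.append(f"handler:{name}")
            elif name in URL_ATTRS and value:
                # Drop whitespace/control characters before comparing the scheme.
                scheme = "".join(c for c in value if c > " ").lower()
                if scheme.startswith(ACTIVE_SCHEMES):
                    self.findings.append(f"url:{name}")

def scan_biography(value):
    """Return sorted unique findings for one stored biography value."""
    found = set()
    # Assumption: values may be stored entity-encoded, so also check a decoded copy.
    for candidate in {value, html.unescape(value)}:
        parser = ActiveContentFinder()
        parser.feed(candidate)
        parser.close()
        found.update(parser.findings)
    return sorted(found)

def audit(rows):
    """rows: (user_id, biography) pairs. Returns {user_id: findings} for hits."""
    return {uid: hits for uid, bio in rows if (hits := scan_biography(bio or ""))}

# Constructed sample export, not data from a real site.
SAMPLE_ROWS = [
    (101, "<p>Security engineer and <b>coffee</b> enthusiast.</p>"),
    (102, '<p>Hi</p><img src="x" onerror="alert(1)">'),
    (103, "&lt;script&gt;alert(1)&lt;/script&gt;"),
    (104, '<a href="JavaScript:void(0)">my site</a>'),
]
```

Calling `audit(SAMPLE_ROWS)` returns the flagged user IDs with the reason for each hit; flagged profiles still need manual review, since `data:` URLs and entity-encoded text can be legitimate.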

5. Vulnerability Timeline

  • 28/Apr/21 - Bug reported to DNNSoftware via email (no feedback)
  • 26/May/21 - Contacted vendor via GitHub
  • 26/May/21 - Bug reported to DNNSoftware via email
  • 27/May/21 - Bug verified by DNNSoftware
  • 13/Jul/21 - Requested feedback regarding the vulnerability
  • 22/Jul/21 - Informed the vendor about the assigned CVE ID (no feedback)
  • 20/Sep/21 - Requested feedback regarding the vulnerability
  • 23/Dec/21 - Requested feedback regarding the vulnerability
  • 05/Jul/22 - Notified the vendor about the disclosure (no feedback)
  • 11/Jul/22 - Notified the vendor regarding the vulnerability details (no feedback)
  • 19/Jul/22 - Advisory released

6. References

  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31858

