
CVE-2015-1566: Moderate severity vulnerability that affects DotNetNuke.Core

CVSS Score: 4.3

Basic Information

EPSS Score: 0.486%
Published: 10/16/2018
Updated: 1/9/2023
KEV Status: No
Technology: C#

Technical Details

CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Package Name: DotNetNuke.Core
Ecosystem: nuget
Vulnerable Versions: < 7.4.0
First Patched Version: 7.4.0

Vulnerability Intelligence
Miggo AI Root Cause Analysis

The vulnerability (CVE-2015-1566) is a stored XSS in DNN <7.4.0. Security bulletins indicate the core issue was improper neutralization during HTML generation. Analysis focused on:

  1. Output rendering functions in high-risk modules like HTML/Text
  2. Core HTML utilities handling user content
  3. Security bulletin references to legacy code fixes in 7.4.0

While exact patch details are unavailable, the HTML module's rendering logic and core HTML utilities are prime candidates for unencoded output based on the XSS nature and affected component (DotNetNuke.Core). Confidence is medium due to reliance on advisory descriptions rather than direct code diffs.


WAF Protection Rules

WAF Rule

Cross-site scripting (XSS) vulnerability in DotNetNuke (DNN) before 7.4.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
