CVE-2018-14486: DNN XSS Vulnerability

CVSS Score: 6.1 (CVSS 3.0)

Basic Information

EPSS Score: 0.67669%
Published: 5/14/2022
Updated: 10/6/2023
KEV Status: No
Technology: C#

Technical Details

CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
| --- | --- | --- | --- |
| DotNetNuke.Core | nuget | <= 9.1.1 | |

Vulnerability Intelligence

Root Cause Analysis

The provided vulnerability information lacks concrete technical details about the implementation, such as code snippets, commit diffs, or explicit references to specific functions/modules handling XML parsing/rendering. While the vulnerability context (XSS via XML) suggests insecure XML data processing and output encoding flaws in DotNetNuke.Core, the absence of patch details or code examples makes it impossible to identify exact function names or file paths with high confidence. The advisory describes the 'what' (XSS via XML) but not the 'where' (specific functions) in the codebase.

WAF Protection Rules

WAF Rule

DNN (formerly DotNetNuke) *.*.* allows cross-site scripting (XSS) via XML.
