Provides basic references to the DotNetNuke.dll to develop extensions for the DNN Platform. For MVC or WebAPI please see other packages available as well
Path to dependency file: /Modules/WillStrohl.LightboxGallery/packages.config
Path to vulnerable library: /Modules/WillStrohl.LightboxGallery/packages/DotNetNuke.Core.9.10.0/DotNetNuke.Core.9.10.0.nupkg,/Modules/WillStrohl.LightboxGallery/packages.config
Provides basic references to the DotNetNuke.dll to develop extensions for the DNN Platform. For MVC or WebAPI please see other packages available as well
Path to dependency file: /Modules/WillStrohl.OpenGraph/packages.config
Path to vulnerable library: /Modules/WillStrohl.OpenGraph/packages/DotNetNuke.Core.9.4.0/DotNetNuke.Core.9.4.0.nupkg,/Modules/WillStrohl.OpenGraph/packages.config
DotNetNuke (DNN) 9.9.1 CMS is vulnerable to a Stored Cross-Site Scripting vulnerability in the user profile biography section which allows remote authenticated users to inject arbitrary code via a crafted payload.
CVE-2021-31858 - Medium Severity Vulnerability
Vulnerable Libraries - dotnetnuke.core.9.10.0.nupkg, dotnetnuke.core.9.4.0.nupkg
dotnetnuke.core.9.10.0.nupkg
Provides basic references to the DotNetNuke.dll to develop extensions for the DNN Platform. For MVC or WebAPI please see other packages available as well
Library home page: https://api.nuget.org/packages/dotnetnuke.core.9.10.0.nupkg
Path to dependency file: /Modules/WillStrohl.LightboxGallery/packages.config
Path to vulnerable library: /Modules/WillStrohl.LightboxGallery/packages/DotNetNuke.Core.9.10.0/DotNetNuke.Core.9.10.0.nupkg,/Modules/WillStrohl.LightboxGallery/packages.config
Dependency Hierarchy: - :x: **dotnetnuke.core.9.10.0.nupkg** (Vulnerable Library)
dotnetnuke.core.9.4.0.nupkg
Provides basic references to the DotNetNuke.dll to develop extensions for the DNN Platform. For MVC or WebAPI please see other packages available as well
Library home page: https://api.nuget.org/packages/dotnetnuke.core.9.4.0.nupkg
Path to dependency file: /Modules/WillStrohl.OpenGraph/packages.config
Path to vulnerable library: /Modules/WillStrohl.OpenGraph/packages/DotNetNuke.Core.9.4.0/DotNetNuke.Core.9.4.0.nupkg,/Modules/WillStrohl.OpenGraph/packages.config
Dependency Hierarchy: - :x: **dotnetnuke.core.9.4.0.nupkg** (Vulnerable Library)
Found in HEAD commit: 1f8af17e591b32ac36af71a5f8fc037a8812e8f8
Found in base branch: development
Vulnerability Details
DotNetNuke (DNN) 9.9.1 CMS is vulnerable to a Stored Cross-Site Scripting vulnerability in the user profile biography section which allows remote authenticated users to inject arbitrary code via a crafted payload.
Publish Date: 2022-07-20
URL: CVE-2021-31858
CVSS 3 Score Details (5.4)
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: Low - User Interaction: Required - Scope: Changed - Impact Metrics: - Confidentiality Impact: Low - Integrity Impact: Low - Availability Impact: None
For more information on CVSS3 Scores, click here.Suggested Fix
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2021-31858
Release Date: 2022-07-20
Fix Resolution: DotNetNuke.Core - 9.11.0
Step up your Open Source Security Game with Mend here