CVE-2021-31858 Stored Cross-Site Scripting in DotNetNuke
1. Vulnerability Properties
Title: Stored Cross-Site Scripting in DotNetNuke
CVE ID: CVE-2021-31858
CVSSv3 Base Score: 5.4 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)
Vendor: DNNSoftware
Products: DotNetNuke
Advisory Release Date: 19-07-2022
Advisory URL: https://labs.integrity.pt/advisories/cve-2021-31858
Credits: Discovery by Bruno Barreirinhas <bb[at]integrity.pt>
2. Vulnerability Summary
DotNetNuke CMS is vulnerable to a Stored Cross-Site Scripting vulnerability in the user profile biography section which allows remote authenticated users to inject JavaScript and/or HTML via a crafted payload.
Any subsequent requests to the attacker’s user profile page will retrieve the malicious content and exploit the vulnerability in the victim’s browser.
3. Vulnerable Versions
<= 9.10.2
4. Solutions
Until an official patch is released, it’s recommended that affected users take one of the following actions:
Disable User profile page in Settings > Site Behavior > Default Pages > User Profile Page
Set user profile visibility mode to Admin Only in Settings > Site Behavior > User Profiles > User Profile Settings
Disable user profile Biography field in Settings > Site Behavior > User Profiles > User Profile Fields
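The workarounds above stop the biography from being served, but they do not show whether active markup is already stored in existing profiles. The following is an added example, not part of the original advisory or of DNN's code: a heuristic review of exported biography values for markup that would execute if rendered as HTML. The (user id, biography) export format, the tag and attribute lists, and all sample values are assumptions constructed for illustration.

```python
from html.parser import HTMLParser

# Elements that can run script or load active content when rendered as HTML.
ACTIVE_TAGS = {"script", "iframe", "object", "embed", "svg", "math",
               "base", "form", "meta", "link", "style"}
URL_ATTRS = {"href", "src", "action", "formaction", "xlink:href", "data"}
SCRIPT_SCHEMES = ("javascript:", "vbscript:", "data:text/html")


class ActiveContentFinder(HTMLParser):
    """Collects reasons why a stored value is unsafe to render as HTML."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag in ACTIVE_TAGS:
            self.findings.append(f"active element <{tag}>")
        for name, value in attrs:
            # Browsers ignore whitespace/control characters inside URL schemes.
            url = "".join(ch for ch in (value or "") if ch > " ").lower()
            if name.startswith("on"):
                self.findings.append(f"event handler attribute {name}")
            elif name in URL_ATTRS and url.startswith(SCRIPT_SCHEMES):
                self.findings.append(f"script URL in {name}")

    handle_startendtag = handle_starttag  # treat <tag/> like <tag>


def audit_biography(value):
    """Return a list of findings for one stored biography value."""
    finder = ActiveContentFinder()
    finder.feed(value)
    finder.close()
    return finder.findings


def audit_profiles(rows):
    """rows: iterable of (user_id, biography); returns {user_id: findings}."""
    return {uid: f for uid, bio in rows if (f := audit_biography(bio))}


# Constructed sample export; user ids and values are made up for illustration.
SAMPLE_ROWS = [
    (101, "<p>Backend developer, likes <b>hiking</b>.</p>"),
    (102, '<p onmouseover="x()">hello</p>'),
    (103, '<a href="java\tscript:x()">site</a>'),
    (104, "<script>x()</script>"),
]
print(audit_profiles(SAMPLE_ROWS))
```

A flagged row is a prompt for manual review of that profile, and an empty result does not prove the stored data is clean.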
5. Vulnerability Timeline
28/Apr/21 - Bug reported to DNNSoftware via email (no feedback)
26/May/21 - Contacted vendor via GitHub
26/May/21 - Bug reported to DNNSoftware via email
27/May/21 - Bug verified by DNNSoftware
13/Jul/21 - Requested feedback regarding the vulnerability
22/Jul/21 - Informed the vendor about the assigned CVE ID (no feedback)
20/Sep/21 - Requested feedback regarding the vulnerability
23/Dec/21 - Requested feedback regarding the vulnerability
05/Jul/22 - Notified the vendor about the disclosure (no feedback)
11/Jul/22 - Notified the vendor regarding the vulnerability details (no feedback)