CVE-2013-3943: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

March 12, 2014 (updated March 13, 2014)

Cross-site scripting (XSS) vulnerability in DotNetNuke (DNN) allows remote authenticated users to inject arbitrary web script or HTML via vectors related to the Display Name field in the Manage Profile.

References

secunia.com/advisories/53493
www.dnnsoftware.com/platform/manage/security-center
www.securityfocus.com/bid/61809
nvd.nist.gov/vuln/detail/CVE-2013-3943

Code Behaviors & Features

Detect and mitigate CVE-2013-3943 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →