CVE-2015-1566 — Moderate severity vulnerability that affects DotNetNuke.Core

Description

Cross-site scripting (XSS) vulnerability in DotNetNuke (DNN) before 7.4.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

How to fix CVE-2015-1566

To remediate CVE-2015-1566, upgrade the affected package to a fixed version below.

NuGet/DotNetNuke.Core—upgrade to 7.4.0 or later

Is CVE-2015-1566 being exploited?

Low — EPSS is 0.3%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

from 0, < 7.4.0

References (4)

ADVISORYgithub.com/advisories/GHSA-v76m-f5cx-8rg4
ADVISORYnvd.nist.gov/vuln/detail/CVE-2015-1566
WEBsecunia.com/advisories/62832
WEBwww.dnnsoftware.com/platform/manage/security-center