Moderate severityNVD Advisory· Published Mar 12, 2014· Updated May 6, 2026
CVE-2013-4649
CVE-2013-4649
Description
Cross-site scripting (XSS) vulnerability in DotNetNuke (DNN) before 6.2.9 and 7.x before 7.1.1 allows remote attackers to inject arbitrary web script or HTML via the __dnnVariable parameter to the default URI.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
DotNetNuke.CoreNuGet | < 6.2.9 | 6.2.9 |
DotNetNuke.CoreNuGet | >= 7.0, < 7.1.1 | 7.1.1 |
Affected products
65cpe:2.3:a:dnnsoftware:dotnetnuke:*:*:*:*:*:*:*:*+ 64 more
- cpe:2.3:a:dnnsoftware:dotnetnuke:*:*:*:*:*:*:*:*range: <=6.2.8
- cpe:2.3:a:dnnsoftware:dotnetnuke:1.0.10d:*:*:*:*:*:*:*
- cpe:2.3:a:dnnsoftware:dotnetnuke:1.0.10e:*:*:*:*:*:*:*
- cpe:2.3:a:dnnsoftware:dotnetnuke:1.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:dnnsoftware:dotnetnuke:1.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:dnnsoftware:dotnetnuke:1.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:dnnsoftware:dotnetnuke:1.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:dnnsoftware:dotnetnuke:2.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:dnnsoftware:dotnetnuke:2.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:dnnsoftware:dotnetnuke:3.0.11:*:*:*:*:*:*:*
- cpe:2.3:a:dnnsoftware:dotnetnuke:3.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:dnnsoftware:dotnetnuke:3.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:dnnsoftware:dotnetnuke:3.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:dnnsoftware:dotnetnuke:3.3.5:*:*:*:*:*:*:*
- cpe:2.3:a:dnnsoftware:dotnetnuke:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:dnnsoftware:dotnetnuke:4.3.5:*:*:*:*:*:*:*
- cpe:2.3:a:dnnsoftware:dotnetnuke:4.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:dnnsoftware:dotnetnuke:4.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:dnnsoftware:dotnetnuke:4.5.4:*:*:*:*:*:*:*
- cpe:2.3:a:dnnsoftware:dotnetnuke:4.5.5:*:*:*:*:*:*:*
- cpe:2.3:a:dnnsoftware:dotnetnuke:4.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:dnnsoftware:dotnetnuke:4.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:dnnsoftware:dotnetnuke:4.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:dnnsoftware:dotnetnuke:4.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:dnnsoftware:dotnetnuke:4.8.0:*:*:*:*:*:*:*
- cpe:2.3:a:dnnsoftware:dotnetnuke:4.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:dnnsoftware:dotnetnuke:4.8.2:*:*:*:*:*:*:*
- cpe:2.3:a:dnnsoftware:dotnetnuke:4.8.3:*:*:*:*:*:*:*
- cpe:2.3:a:dnnsoftware:dotnetnuke:4.8.4:*:*:*:*:*:*:*
- cpe:2.3:a:dnnsoftware:dotnetnuke:4.9:*:*:*:*:*:*:*
- cpe:2.3:a:dnnsoftware:dotnetnuke:4.9.1:*:*:*:*:*:*:*
- cpe:2.3:a:dnnsoftware:dotnetnuke:4.9.2:*:*:*:*:*:*:*
- cpe:2.3:a:dnnsoftware:dotnetnuke:5.0:*:*:*:*:*:*:*
- cpe:2.3:a:dnnsoftware:dotnetnuke:5.05.01:*:*:*:*:*:*:*
- cpe:2.3:a:dnnsoftware:dotnetnuke:5.06.00:*:*:*:*:*:*:*
- cpe:2.3:a:dnnsoftware:dotnetnuke:5.1:*:*:*:*:*:*:*
- cpe:2.3:a:dnnsoftware:dotnetnuke:5.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:dnnsoftware:dotnetnuke:5.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:dnnsoftware:dotnetnuke:5.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:dnnsoftware:dotnetnuke:5.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:dnnsoftware:dotnetnuke:6.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:dnnsoftware:dotnetnuke:6.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:dnnsoftware:dotnetnuke:6.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:dnnsoftware:dotnetnuke:6.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:dnnsoftware:dotnetnuke:6.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:dnnsoftware:dotnetnuke:6.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:dnnsoftware:dotnetnuke:6.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:dnnsoftware:dotnetnuke:6.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:dnnsoftware:dotnetnuke:6.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:dnnsoftware:dotnetnuke:6.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:dnnsoftware:dotnetnuke:6.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:dnnsoftware:dotnetnuke:6.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:dnnsoftware:dotnetnuke:6.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:dnnsoftware:dotnetnuke:6.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:dnnsoftware:dotnetnuke:6.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:dnnsoftware:dotnetnuke:6.2.6:*:*:*:*:*:*:*
- cpe:2.3:a:dnnsoftware:dotnetnuke:6.2.7:*:*:*:*:*:*:*
- cpe:2.3:a:dnnsoftware:dotnetnuke:7.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:dnnsoftware:dotnetnuke:7.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:dnnsoftware:dotnetnuke:7.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:dnnsoftware:dotnetnuke:7.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:dnnsoftware:dotnetnuke:7.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:dnnsoftware:dotnetnuke:7.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:dnnsoftware:dotnetnuke:7.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:dnnsoftware:dotnetnuke:7.1.0:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
6- www.dnnsoftware.com/platform/manage/security-centernvdPatchVendor AdvisoryWEB
- packetstormsecurity.com/files/122792/DotNetNuke-DNN-7.1.0-6.2.8-Cross-Site-Scripting.htmlnvdExploitWEB
- secunia.com/advisories/53493nvdVendor AdvisoryWEB
- github.com/advisories/GHSA-rvrj-j7cc-236pghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2013-4649ghsaADVISORY
- exchange.xforce.ibmcloud.com/vulnerabilities/86432nvdWEB
News mentions
0No linked articles in our index yet.