CVE-2018-10138
Description
The CATALooK.netStore module through 7.2.8 for DNN (formerly DotNetNuke) allows XSS via the /ViewEditGoogleMaps.aspx PortalID or CATSkin parameter, or the /ImageViewer.aspx link or desc parameter.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Cross-site scripting (XSS) in CATALooK.netStore module for DNN through 7.2.8 via multiple parameters.
Vulnerability
The CATALooK.netStore module for DNN (formerly DotNetNuke) through version 7.2.8 is vulnerable to reflected cross-site scripting (XSS) in /ViewEditGoogleMaps.aspx via the PortalID or CATSkin GET parameter, and in /ImageViewer.aspx via the link or desc parameter [1]. No authentication is required to trigger the vulnerability.
Exploitation
An unauthenticated attacker can craft a malicious URL containing a JavaScript payload in any of the vulnerable parameters. If a victim visits the crafted URL, the payload executes in the context of the DNN site. The attack requires no user interaction beyond clicking the link.
Impact
Successful exploitation allows the attacker to execute arbitrary JavaScript in the victim's browser. This can lead to theft of cookies, session tokens, or other sensitive information, and could potentially be used to deface the page or perform actions on behalf of the victim.
Mitigation
No official patch has been released as of the publication date [1]. As a workaround, administrators should disable the CATALooK.netStore module if it is not required, or implement web application firewall (WAF) rules to filter malicious input. Input validation and output encoding should be applied to the affected parameters.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products: 1
Patches: 0
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References: 1
[1] cxsecurity.com/issue/WLB-2018040120 (MITRE x_refsource_MISC)
News mentions: 0
No linked articles in our index yet.