CVE-2016-7119

Name of the Vulnerable Software and Affected Versions DotNetNuke (DNN) versions prior to 8.0.1

Description The issue is related to a cross-site scripting (XSS) vulnerability in the user-profile biography section. This allows remote authenticated users to inject arbitrary web script or HTML via a crafted onclick attribute in an IMG element.

Recommendations For versions prior to 8.0.1, update to version 8.0.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the user-profile biography section until the update is applied.