CVE-2018-10138

Name of the Vulnerable Software and Affected Versions: DNN (formerly DotNetNuke) CATALooK.netStore module versions through 7.2.8

Description: The issue allows for XSS attacks via specific parameters in certain API endpoints. The affected endpoints include /ViewEditGoogleMaps.aspx with the PortalID or CATSkin parameter, and /ImageViewer.aspx with the link or desc parameter.

Recommendations: For DNN (formerly DotNetNuke) CATALooK.netStore module versions through 7.2.8, consider disabling access to the /ViewEditGoogleMaps.aspx and /ImageViewer.aspx endpoints until a patch is available. As a temporary workaround, restrict the use of the PortalID, CATSkin, link, and desc parameters in these endpoints to minimize the risk of exploitation.