Dnn · Dotnetnuke · CVE-2005-0040
**Name of the Vulnerable Software and Affected Versions**
DotNetNuke versions prior to 3.0.12
**Description**
The issue allows remote attackers to inject arbitrary web script or HTML via multiple vectors, including the register a new user page, User-Agent, or Username, which is not properly quoted before sending to the error log.
**Recommendations**
For versions prior to 3.0.12, update to version 3.0.12 or later to resolve the issue.