CVE-2021-31858

Name of the Vulnerable Software and Affected Versions DotNetNuke (DNN) version 9.9.1

Description The issue concerns a Stored Cross-Site Scripting vulnerability in the user profile biography section. This allows remote authenticated users to inject arbitrary code via a crafted payload.

Recommendations For DotNetNuke (DNN) version 9.9.1, as a temporary workaround, consider restricting access to the user profile biography section until a patch is available. Avoid using the biography section in user profiles to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.