Filtered by vendor Dnnsoftware
Subscriptions
Total
26 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-48376 | 1 Dnnsoftware | 1 Dotnetnuke | 2025-08-26 | 3.5 Low |
| DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 9.13.9, a malicious SuperUser (Host) could craft a request to use an external url for a site export to then be imported. Version 9.13.9 fixes the issue. | ||||
| CVE-2025-48377 | 1 Dnnsoftware | 1 Dotnetnuke | 2025-08-26 | 5.4 Medium |
| DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 9.13.9, a specially crafted URL may be constructed which can inject an XSS payload that is triggered by using some module actions. Version 9.13.9 fixes the issue. | ||||
| CVE-2025-48378 | 1 Dnnsoftware | 1 Dotnetnuke | 2025-08-26 | 5.4 Medium |
| DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 9.13.9, uploaded SVG files could contain scripts and if rendered inline those scripts could run allowing XSS attacks. Version 9.13.9 fixes the issue. | ||||
| CVE-2025-32035 | 1 Dnnsoftware | 1 Dotnetnuke | 2025-08-26 | 2.6 Low |
| DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to 9.13.2, when uploading files (e.g. when uploading assets), the file extension is checked to see if it's an allowed file type but the actual contents of the file aren't checked. This means that it's possible to e.g. upload an executable file renamed to be a .jpg. This file could then be executed by another security vulnerability. This vulnerability is fixed in 9.13.2. | ||||
| CVE-2025-32036 | 1 Dnnsoftware | 1 Dotnetnuke | 2025-08-26 | 4.2 Medium |
| DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. The algorithm used to generate the captcha image shows the least complexity of the desired image. For this reason, the created image can be easily read by OCR tools, and the intruder can send automatic requests by building a robot and using this tool. This vulnerability is fixed in 9.13.8. | ||||
| CVE-2025-32371 | 1 Dnnsoftware | 1 Dotnetnuke | 2025-08-26 | 4.3 Medium |
| DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. A url could be crafted to the DNN ImageHandler to render text from a querystring parameter. This text would display in the resulting image and a user that trusts the domain might think that the information is legitimate. This vulnerability is fixed in 9.13.4. | ||||
| CVE-2025-32372 | 1 Dnnsoftware | 1 Dotnetnuke | 2025-08-26 | 6.5 Medium |
| DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. A bypass has been identified for the previously known vulnerability CVE-2017-0929, allowing unauthenticated attackers to execute arbitrary GET requests against target systems, including internal or adjacent networks. This vulnerability facilitates a semi-blind SSRF attack, allowing attackers to make the target server send requests to internal or external URLs without viewing the full responses. Potential impacts include internal network reconnaissance, bypassing firewalls. This vulnerability is fixed in 9.13.8. | ||||
| CVE-2025-32373 | 1 Dnnsoftware | 1 Dotnetnuke | 2025-08-26 | 6.5 Medium |
| DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. In limited configurations, registered users may be able to craft a request to enumerate/access some portal files they should not have access to. This vulnerability is fixed in 9.13.8. | ||||
| CVE-2025-32374 | 1 Dnnsoftware | 1 Dotnetnuke | 2025-08-26 | 5.9 Medium |
| DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Possible denial of service with specially crafted information in the public registration form. This vulnerability is fixed in 9.13.8. | ||||
| CVE-2017-9822 | 1 Dnnsoftware | 1 Dotnetnuke | 2025-07-30 | 8.8 High |
| DNN (aka DotNetNuke) before 9.1.1 has Remote Code Execution via a cookie, aka "2017-08 (Critical) Possible remote code execution on DNN sites." | ||||
| CVE-2018-15811 | 1 Dnnsoftware | 1 Dotnetnuke | 2025-07-30 | 7.5 High |
| DNN (aka DotNetNuke) 9.2 through 9.2.1 uses a weak encryption algorithm to protect input parameters. | ||||
| CVE-2018-18325 | 1 Dnnsoftware | 1 Dotnetnuke | 2025-07-30 | 7.5 High |
| DNN (aka DotNetNuke) 9.2 through 9.2.2 uses a weak encryption algorithm to protect input parameters. NOTE: this issue exists because of an incomplete fix for CVE-2018-15811. | ||||
| CVE-2025-52486 | 1 Dnnsoftware | 1 Dnn Platform | 2025-06-27 | N/A |
| DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. In versions 6.0.0 to before 10.0.1, DNN.PLATFORM allows specially crafted content in URLs to be used with TokenReplace and not be properly sanitized by some SkinObjects. This issue has been patched in version 10.0.1. | ||||
| CVE-2022-2922 | 1 Dnnsoftware | 1 Dotnetnuke | 2025-05-20 | 4.9 Medium |
| Relative Path Traversal in GitHub repository dnnsoftware/dnn.platform prior to 9.11.0. | ||||
| CVE-2022-47053 | 1 Dnnsoftware | 1 Dotnetnuke | 2025-02-10 | 5.4 Medium |
| An arbitrary file upload vulnerability in the Digital Assets Manager module of DNN Corp DotNetNuke v7.0.0 to v9.10.2 allows attackers to execute arbitrary code via a crafted SVG file. | ||||
| CVE-2021-40186 | 1 Dnnsoftware | 1 Dotnetnuke | 2024-11-21 | 6.5 Medium |
| The AppCheck research team identified a Server-Side Request Forgery (SSRF) vulnerability within the DNN CMS platform, formerly known as DotNetNuke. SSRF vulnerabilities allow the attacker to exploit the target system to make network requests on their behalf, allowing a range of possible attacks. In the most common scenario, the attacker exploits SSRF vulnerabilities to attack systems behind the firewall and access sensitive information from Cloud Provider metadata services. | ||||
| CVE-2021-31858 | 1 Dnnsoftware | 1 Dotnetnuke | 2024-11-21 | 5.4 Medium |
| DotNetNuke (DNN) 9.9.1 CMS is vulnerable to a Stored Cross-Site Scripting vulnerability in the user profile biography section which allows remote authenticated users to inject arbitrary code via a crafted payload. | ||||
| CVE-2020-5188 | 1 Dnnsoftware | 1 Dotnetnuke | 2024-11-21 | 6.5 Medium |
| DNN (formerly DotNetNuke) through 9.4.4 has Insecure Permissions. | ||||
| CVE-2020-5187 | 1 Dnnsoftware | 1 Dotnetnuke | 2024-11-21 | 8.8 High |
| DNN (formerly DotNetNuke) through 9.4.4 allows Path Traversal (issue 2 of 2). | ||||
| CVE-2020-5186 | 1 Dnnsoftware | 1 Dotnetnuke | 2024-11-21 | 5.4 Medium |
| DNN (formerly DotNetNuke) through 9.4.4 allows XSS (issue 1 of 2). | ||||