Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
dnnsoftware dotnetnuke vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2022-47053
An arbitrary file upload vulnerability in the Digital Assets Manager module of DNN Corp DotNetNuke v7.0.0 to v9.10.2 allows malicious users to execute arbitrary code via a crafted SVG file.
Dnnsoftware Dotnetnuke
4.9
CVSSv3
CVE-2022-2922
Relative Path Traversal in GitHub repository dnnsoftware/dnn.platform before 9.11.0.
Dnnsoftware Dotnetnuke
7.5
CVSSv3
CVE-2018-15812
DNN (aka DotNetNuke) 9.2 up to and including 9.2.1 incorrectly converts encryption key source values, resulting in lower than expected entropy.
Dnnsoftware Dotnetnuke
7.5
CVSSv3
CVE-2018-15811
DNN (aka DotNetNuke) 9.2 up to and including 9.2.1 uses a weak encryption algorithm to protect input parameters.
Dnnsoftware Dotnetnuke
5.4
CVSSv3
CVE-2021-31858
DotNetNuke (DNN) 9.9.1 CMS is vulnerable to a Stored Cross-Site Scripting vulnerability in the user profile biography section which allows remote authenticated users to inject arbitrary code via a crafted payload.
Dnnsoftware Dotnetnuke
7.5
CVSSv3
CVE-2021-40186
The AppCheck research team identified a Server-Side Request Forgery (SSRF) vulnerability within the DNN CMS platform, formerly known as DotNetNuke. SSRF vulnerabilities allow the malicious user to exploit the target system to make network requests on their behalf, allowing a rang...
Dnnsoftware Dotnetnuke
6.5
CVSSv3
CVE-2020-5188
DNN (formerly DotNetNuke) up to and including 9.4.4 has Insecure Permissions.
Dnnsoftware Dotnetnuke
6.1
CVSSv3
CVE-2019-12562
Stored Cross-Site Scripting in DotNetNuke (DNN) Version prior to 9.4.0 allows remote malicious users to store and embed the malicious script into the admin notification page. The exploit could be used to perfom any action with admin privileges such as managing content, adding use...
Dnnsoftware Dotnetnuke
1 EDB exploit
1 Github repository
8.8
CVSSv3
CVE-2020-5187
DNN (formerly DotNetNuke) up to and including 9.4.4 allows Path Traversal (issue 2 of 2).
Dnnsoftware Dotnetnuke
7.5
CVSSv3
CVE-2017-0929
DNN (aka DotNetNuke) prior to 9.2.0 suffers from a Server-Side Request Forgery (SSRF) vulnerability in the DnnImageHandler class. Attackers may be able to access information about internal network resources.
Dnnsoftware Dotnetnuke
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
firmware
CVE-2006-4304
CVE-2024-32878
CVE-2024-31502
XSS
CVE-2024-3059
CVE-2024-33692
CVE-2024-3400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »