Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
dnnsoftware vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv2
CVE-2017-9822
DNN (aka DotNetNuke) prior to 9.1.1 has Remote Code Execution via a cookie, aka "2017-08 (Critical) Possible remote code execution on DNN sites."
Dnnsoftware Dotnetnuke
13 Github repositories
NA
CVE-2021-31858
DotNetNuke (DNN) 9.9.1 CMS is vulnerable to a Stored Cross-Site Scripting vulnerability in the user profile biography section which allows remote authenticated users to inject arbitrary code via a crafted payload.
Dnnsoftware Dotnetnuke
5
CVSSv2
CVE-2018-18325
DNN (aka DotNetNuke) 9.2 up to and including 9.2.2 uses a weak encryption algorithm to protect input parameters. NOTE: this issue exists because of an incomplete fix for CVE-2018-15811.
Dnnsoftware Dotnetnuke
5
CVSSv2
CVE-2018-18326
DNN (aka DotNetNuke) 9.2 up to and including 9.2.2 incorrectly converts encryption key source values, resulting in lower than expected entropy. NOTE: this issue exists because of an incomplete fix for CVE-2018-15812.
Dnnsoftware Dotnetnuke
4.3
CVSSv2
CVE-2018-14486
DNN (formerly DotNetNuke) 9.1.1 allows cross-site scripting (XSS) via XML.
Dnnsoftware Dotnetnuke 9.1.1
4
CVSSv2
CVE-2020-11585
There is an information disclosure issue in DNN (formerly DotNetNuke) 9.5 within the built-in Activity-Feed/Messaging/Userid/ Message Center module. A registered user is able to enumerate any file in the Admin File Manager (other than ones contained in a secure folder) by sending...
Dnnsoftware Dotnetnuke 9.5.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5248
CVE-2024-3110
CVE-2024-5552
CVE-2024-29415
HTML injection
CVE-2024-3095
TCP
type confusion
CVE-2024-1800
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2