Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
dotnetnuke dotnetnuke vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2021-31858
DotNetNuke (DNN) 9.9.1 CMS is vulnerable to a Stored Cross-Site Scripting vulnerability in the user profile biography section which allows remote authenticated users to inject arbitrary code via a crafted payload.
Dnnsoftware Dotnetnuke
4.9
CVSSv3
CVE-2022-2922
Relative Path Traversal in GitHub repository dnnsoftware/dnn.platform before 9.11.0.
Dnnsoftware Dotnetnuke
7.5
CVSSv3
CVE-2017-0929
DNN (aka DotNetNuke) prior to 9.2.0 suffers from a Server-Side Request Forgery (SSRF) vulnerability in the DnnImageHandler class. Attackers may be able to access information about internal network resources.
Dnnsoftware Dotnetnuke
6.1
CVSSv3
CVE-2018-14486
DNN (formerly DotNetNuke) 9.1.1 allows cross-site scripting (XSS) via XML.
Dnnsoftware Dotnetnuke 9.1.1
4.3
CVSSv3
CVE-2020-11585
There is an information disclosure issue in DNN (formerly DotNetNuke) 9.5 within the built-in Activity-Feed/Messaging/Userid/ Message Center module. A registered user is able to enumerate any file in the Admin File Manager (other than ones contained in a secure folder) by sending...
Dnnsoftware Dotnetnuke 9.5.0
9.8
CVSSv3
CVE-2018-9126
The DNNArticle module 11 for DNN (formerly DotNetNuke) allows remote malicious users to read the web.config file, and consequently discover database credentials, via the /GetCSS.ashx/?CP=%2fweb.config URI.
Zldnn Dnnarticle 11
1 EDB exploit
1 Github repository
NA
CVE-2013-5117
SQL injection vulnerability in the RSS page (DNNArticleRSS.aspx) in the ZLDNN DNNArticle module prior to 10.1 for DotNetNuke allows remote malicious users to execute arbitrary SQL commands via the categoryid parameter.
Zldnn Dnnarticle
1 EDB exploit
NA
CVE-2011-1892
Microsoft Office Groove 2007 SP2, SharePoint Workspace 2010 Gold and SP1, Office Forms Server 2007 SP2, Office SharePoint Server 2007 SP2, Office SharePoint Server 2010 Gold and SP1, Office Groove Data Bridge Server 2007 SP2, Office Groove Management Server 2007 SP2, Groove Serve...
Microsoft Sharepoint Workspace 2010
Microsoft Sharepoint Server 2010
Microsoft Office Web Apps 2010
Microsoft Forms Server 2007
Microsoft Groove Server 2010
Microsoft Sharepoint Services 3.0
Microsoft Sharepoint Server 2007
Microsoft Sharepoint Foundation 2010
Microsoft Groove 2007
Microsoft Groove Data Bridge Server 2007
Microsoft Groove Management Server 2007
1 EDB exploit
6.1
CVSSv3
CVE-2018-10138
The CATALooK.netStore module up to and including 7.2.8 for DNN (formerly DotNetNuke) allows XSS via the /ViewEditGoogleMaps.aspx PortalID or CATSkin parameter, or the /ImageViewer.aspx link or desc parameter.
Catalooksupport .netstore
9.8
CVSSv3
CVE-2019-19392
The forDNN.UsersExportImport module prior to 1.2.0 for DNN (formerly DotNetNuke) allows an unprivileged user to import (create) new users with Administrator privileges, as demonstrated by Roles="Administrators" in XML or CSV data.
Fordnn Usersexportimport
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-36920
buffer overflow
CVE-2024-36913
CVE-2024-5497
CVE-2024-23917
CVE-2024-4956
server-side request forgery
CVE-2024-35468
SSTI
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5