Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
dotnetnuke vulnerabilities and exploits
(subscribe to this query)
3.5
CVSSv2
CVE-2020-5186
DNN (formerly DotNetNuke) up to and including 9.4.4 allows XSS (issue 1 of 2).
Dnnsoftware Dotnetnuke
5
CVSSv2
CVE-2018-18326
DNN (aka DotNetNuke) 9.2 up to and including 9.2.2 incorrectly converts encryption key source values, resulting in lower than expected entropy. NOTE: this issue exists because of an incomplete fix for CVE-2018-15812.
Dnnsoftware Dotnetnuke
NA
CVE-2022-47053
An arbitrary file upload vulnerability in the Digital Assets Manager module of DNN Corp DotNetNuke v7.0.0 to v9.10.2 allows malicious users to execute arbitrary code via a crafted SVG file.
Dnnsoftware Dotnetnuke
6.5
CVSSv2
CVE-2017-9822
DNN (aka DotNetNuke) prior to 9.1.1 has Remote Code Execution via a cookie, aka "2017-08 (Critical) Possible remote code execution on DNN sites."
Dnnsoftware Dotnetnuke
13 Github repositories
6.5
CVSSv2
CVE-2020-5187
DNN (formerly DotNetNuke) up to and including 9.4.4 allows Path Traversal (issue 2 of 2).
Dnnsoftware Dotnetnuke
4
CVSSv2
CVE-2020-5188
DNN (formerly DotNetNuke) up to and including 9.4.4 has Insecure Permissions.
Dnnsoftware Dotnetnuke
5
CVSSv2
CVE-2018-15812
DNN (aka DotNetNuke) 9.2 up to and including 9.2.1 incorrectly converts encryption key source values, resulting in lower than expected entropy.
Dnnsoftware Dotnetnuke
NA
CVE-2021-31858
DotNetNuke (DNN) 9.9.1 CMS is vulnerable to a Stored Cross-Site Scripting vulnerability in the user profile biography section which allows remote authenticated users to inject arbitrary code via a crafted payload.
Dnnsoftware Dotnetnuke
5
CVSSv2
CVE-2018-15811
DNN (aka DotNetNuke) 9.2 up to and including 9.2.1 uses a weak encryption algorithm to protect input parameters.
Dnnsoftware Dotnetnuke
NA
CVE-2022-2922
Relative Path Traversal in GitHub repository dnnsoftware/dnn.platform before 9.11.0.
Dnnsoftware Dotnetnuke
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
SSRF
buffer overflow
CVE-2023-28952
CVE-2023-41822
CVE-2024-27956
CVE-2023-7028
CVE-2024-34447
CVE-2024-34460
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »