Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
dotnetnuke vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2020-5188
DNN (formerly DotNetNuke) up to and including 9.4.4 has Insecure Permissions.
Dnnsoftware Dotnetnuke
7.5
CVSSv3
CVE-2018-18326
DNN (aka DotNetNuke) 9.2 up to and including 9.2.2 incorrectly converts encryption key source values, resulting in lower than expected entropy. NOTE: this issue exists because of an incomplete fix for CVE-2018-15812.
Dnnsoftware Dotnetnuke
6.1
CVSSv3
CVE-2019-12562
Stored Cross-Site Scripting in DotNetNuke (DNN) Version prior to 9.4.0 allows remote malicious users to store and embed the malicious script into the admin notification page. The exploit could be used to perfom any action with admin privileges such as managing content, adding use...
Dnnsoftware Dotnetnuke
1 EDB exploit
1 Github repository
6.1
CVSSv3
CVE-2018-14486
DNN (formerly DotNetNuke) 9.1.1 allows cross-site scripting (XSS) via XML.
Dnnsoftware Dotnetnuke 9.1.1
4.3
CVSSv3
CVE-2020-11585
There is an information disclosure issue in DNN (formerly DotNetNuke) 9.5 within the built-in Activity-Feed/Messaging/Userid/ Message Center module. A registered user is able to enumerate any file in the Admin File Manager (other than ones contained in a secure folder) by sending...
Dnnsoftware Dotnetnuke 9.5.0
9.8
CVSSv3
CVE-2018-9126
The DNNArticle module 11 for DNN (formerly DotNetNuke) allows remote malicious users to read the web.config file, and consequently discover database credentials, via the /GetCSS.ashx/?CP=%2fweb.config URI.
Zldnn Dnnarticle 11
1 EDB exploit
1 Github repository
NA
CVE-2013-5117
SQL injection vulnerability in the RSS page (DNNArticleRSS.aspx) in the ZLDNN DNNArticle module prior to 10.1 for DotNetNuke allows remote malicious users to execute arbitrary SQL commands via the categoryid parameter.
Zldnn Dnnarticle
1 EDB exploit
NA
CVE-2011-1892
Microsoft Office Groove 2007 SP2, SharePoint Workspace 2010 Gold and SP1, Office Forms Server 2007 SP2, Office SharePoint Server 2007 SP2, Office SharePoint Server 2010 Gold and SP1, Office Groove Data Bridge Server 2007 SP2, Office Groove Management Server 2007 SP2, Groove Serve...
Microsoft Sharepoint Workspace 2010
Microsoft Sharepoint Server 2010
Microsoft Office Web Apps 2010
Microsoft Forms Server 2007
Microsoft Groove Server 2010
Microsoft Sharepoint Services 3.0
Microsoft Sharepoint Server 2007
Microsoft Sharepoint Foundation 2010
Microsoft Groove 2007
Microsoft Groove Data Bridge Server 2007
Microsoft Groove Management Server 2007
1 EDB exploit
6.1
CVSSv3
CVE-2018-10138
The CATALooK.netStore module up to and including 7.2.8 for DNN (formerly DotNetNuke) allows XSS via the /ViewEditGoogleMaps.aspx PortalID or CATSkin parameter, or the /ImageViewer.aspx link or desc parameter.
Catalooksupport .netstore
9.8
CVSSv3
CVE-2019-19392
The forDNN.UsersExportImport module prior to 1.2.0 for DNN (formerly DotNetNuke) allows an unprivileged user to import (create) new users with Administrator privileges, as demonstrated by Roles="Administrators" in XML or CSV data.
Fordnn Usersexportimport
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48654
CVE-2024-2757
authentication bypass
CVE-2024-3194
CVE-2024-33640
CVE-2024-21111
dos
insecure direct object reference
CVE-2024-21345
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5