Product:

Dotnetnuke

(Dnnsoftware)
Repositories https://github.com/dnnsoftware/Dnn.Platform
#Vulnerabilities 16
Date Id Summary Products Score Patch Annotated
2020-02-24 CVE-2020-5186 DNN (formerly DotNetNuke) through 9.4.4 allows XSS (issue 1 of 2). Dotnetnuke 5.4
2020-02-24 CVE-2020-5187 DNN (formerly DotNetNuke) through 9.4.4 allows Path Traversal (issue 2 of 2). Dotnetnuke 8.8
2020-02-24 CVE-2020-5188 DNN (formerly DotNetNuke) through 9.4.4 has Insecure Permissions. Dotnetnuke 6.5
2023-04-12 CVE-2022-47053 An arbitrary file upload vulnerability in the Digital Assets Manager module of DNN Corp DotNetNuke v7.0.0 to v9.10.2 allows attackers to execute arbitrary code via a crafted SVG file. Dotnetnuke 5.4
2019-07-03 CVE-2018-15811 DNN (aka DotNetNuke) 9.2 through 9.2.1 uses a weak encryption algorithm to protect input parameters. Dotnetnuke 7.5
2019-07-03 CVE-2018-15812 DNN (aka DotNetNuke) 9.2 through 9.2.1 incorrectly converts encryption key source values, resulting in lower than expected entropy. Dotnetnuke 7.5
2019-07-03 CVE-2018-18325 DNN (aka DotNetNuke) 9.2 through 9.2.2 uses a weak encryption algorithm to protect input parameters. NOTE: this issue exists because of an incomplete fix for CVE-2018-15811. Dotnetnuke 7.5
2019-07-03 CVE-2018-18326 DNN (aka DotNetNuke) 9.2 through 9.2.2 incorrectly converts encryption key source values, resulting in lower than expected entropy. NOTE: this issue exists because of an incomplete fix for CVE-2018-15812. Dotnetnuke 7.5
2022-09-30 CVE-2022-2922 Relative Path Traversal in GitHub repository dnnsoftware/dnn.platform prior to 9.11.0. Dotnetnuke 4.9
2022-07-20 CVE-2021-31858 DotNetNuke (DNN) 9.9.1 CMS is vulnerable to a Stored Cross-Site Scripting vulnerability in the user profile biography section which allows remote authenticated users to inject arbitrary code via a crafted payload. Dotnetnuke 5.4