Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Dotnetnuke
(Dnnsoftware)Repositories | https://github.com/dnnsoftware/Dnn.Platform |
#Vulnerabilities | 16 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2020-02-24 | CVE-2020-5186 | DNN (formerly DotNetNuke) through 9.4.4 allows XSS (issue 1 of 2). | Dotnetnuke | 5.4 | ||
2020-02-24 | CVE-2020-5187 | DNN (formerly DotNetNuke) through 9.4.4 allows Path Traversal (issue 2 of 2). | Dotnetnuke | 8.8 | ||
2020-02-24 | CVE-2020-5188 | DNN (formerly DotNetNuke) through 9.4.4 has Insecure Permissions. | Dotnetnuke | 6.5 | ||
2023-04-12 | CVE-2022-47053 | An arbitrary file upload vulnerability in the Digital Assets Manager module of DNN Corp DotNetNuke v7.0.0 to v9.10.2 allows attackers to execute arbitrary code via a crafted SVG file. | Dotnetnuke | 5.4 | ||
2019-07-03 | CVE-2018-15811 | DNN (aka DotNetNuke) 9.2 through 9.2.1 uses a weak encryption algorithm to protect input parameters. | Dotnetnuke | 7.5 | ||
2019-07-03 | CVE-2018-15812 | DNN (aka DotNetNuke) 9.2 through 9.2.1 incorrectly converts encryption key source values, resulting in lower than expected entropy. | Dotnetnuke | 7.5 | ||
2019-07-03 | CVE-2018-18325 | DNN (aka DotNetNuke) 9.2 through 9.2.2 uses a weak encryption algorithm to protect input parameters. NOTE: this issue exists because of an incomplete fix for CVE-2018-15811. | Dotnetnuke | 7.5 | ||
2019-07-03 | CVE-2018-18326 | DNN (aka DotNetNuke) 9.2 through 9.2.2 incorrectly converts encryption key source values, resulting in lower than expected entropy. NOTE: this issue exists because of an incomplete fix for CVE-2018-15812. | Dotnetnuke | 7.5 | ||
2022-09-30 | CVE-2022-2922 | Relative Path Traversal in GitHub repository dnnsoftware/dnn.platform prior to 9.11.0. | Dotnetnuke | 4.9 | ||
2022-07-20 | CVE-2021-31858 | DotNetNuke (DNN) 9.9.1 CMS is vulnerable to a Stored Cross-Site Scripting vulnerability in the user profile biography section which allows remote authenticated users to inject arbitrary code via a crafted payload. | Dotnetnuke | 5.4 |