Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Dotnetnuke
(Dnnsoftware)| Repositories | https://github.com/dnnsoftware/Dnn.Platform |
| #Vulnerabilities | 16 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2019-07-03 | CVE-2018-15811 | DNN (aka DotNetNuke) 9.2 through 9.2.1 uses a weak encryption algorithm to protect input parameters. | Dotnetnuke | 7.5 | ||
| 2019-07-03 | CVE-2018-18325 | DNN (aka DotNetNuke) 9.2 through 9.2.2 uses a weak encryption algorithm to protect input parameters. NOTE: this issue exists because of an incomplete fix for CVE-2018-15811. | Dotnetnuke | 7.5 | ||
| 2017-07-20 | CVE-2017-9822 | DNN (aka DotNetNuke) before 9.1.1 has Remote Code Execution via a cookie, aka "2017-08 (Critical) Possible remote code execution on DNN sites." | Dotnetnuke | 8.8 | ||
| 2023-04-12 | CVE-2022-47053 | An arbitrary file upload vulnerability in the Digital Assets Manager module of DNN Corp DotNetNuke v7.0.0 to v9.10.2 allows attackers to execute arbitrary code via a crafted SVG file. | Dotnetnuke | 5.4 | ||
| 2020-02-24 | CVE-2020-5186 | DNN (formerly DotNetNuke) through 9.4.4 allows XSS (issue 1 of 2). | Dotnetnuke | 5.4 | ||
| 2020-02-24 | CVE-2020-5187 | DNN (formerly DotNetNuke) through 9.4.4 allows Path Traversal (issue 2 of 2). | Dotnetnuke | 8.8 | ||
| 2020-02-24 | CVE-2020-5188 | DNN (formerly DotNetNuke) through 9.4.4 has Insecure Permissions. | Dotnetnuke | 6.5 | ||
| 2022-06-02 | CVE-2021-40186 | The AppCheck research team identified a Server-Side Request Forgery (SSRF) vulnerability within the DNN CMS platform, formerly known as DotNetNuke. SSRF vulnerabilities allow the attacker to exploit the target system to make network requests on their behalf, allowing a range of possible attacks. In the most common scenario, the attacker exploits SSRF vulnerabilities to attack systems behind the firewall and access sensitive information from Cloud Provider metadata services. | Dotnetnuke | 7.5 | ||
| 2022-07-20 | CVE-2021-31858 | DotNetNuke (DNN) 9.9.1 CMS is vulnerable to a Stored Cross-Site Scripting vulnerability in the user profile biography section which allows remote authenticated users to inject arbitrary code via a crafted payload. | Dotnetnuke | 5.4 | ||
| 2022-09-30 | CVE-2022-2922 | Relative Path Traversal in GitHub repository dnnsoftware/dnn.platform prior to 9.11.0. | Dotnetnuke | 4.9 |