Skip to main content

Dotnetnuke

32 CVEs product

Monthly

CVE-2020-37103 MEDIUM POC This Month

DotNetNuke 9.5 contains a persistent cross-site scripting vulnerability that allows normal users to upload malicious XML files with executable scripts through journal tools. [CVSS 6.4 MEDIUM]

.NET XSS CSRF Dotnetnuke
NVD Exploit-DB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2026-24838 NuGet CRITICAL PATCH Act Now

DNN (DotNetNuke) CMS has a stored XSS vulnerability (CVSS 9.1) allowing persistent script injection that executes for all users viewing the affected content.

.NET Dotnetnuke
NVD GitHub
CVSS 3.1
9.1
EPSS
0.0%
CVE-2026-24837 NuGet HIGH PATCH This Week

Stored cross-site scripting in DNN versions 9.0.0 through 9.13.9 and 10.0.0 through 10.1.x allows high-privileged users with UI interaction to inject malicious scripts into module friendly names that execute within the Persona Bar administrative interface. An authenticated attacker with sufficient permissions could exploit this to perform administrative actions or compromise other users' sessions. No patch is currently available for affected versions.

.NET Dotnetnuke
NVD GitHub
CVSS 3.1
7.6
EPSS
0.0%
CVE-2026-24836 NuGet HIGH PATCH This Week

Stored cross-site scripting in DNN versions 9.0.0 through 9.13.9 and 10.0.0 through 10.1.x allows authenticated administrators with high privileges to inject malicious scripts into log notes that execute within the PersonaBar interface. An attacker with admin credentials could perform actions as the victim or steal session data when the logs are viewed. Upgrade to DNN 9.13.10 or 10.2.0 to remediate this vulnerability.

.NET Dotnetnuke
NVD GitHub
CVSS 3.1
7.6
EPSS
0.0%
CVE-2026-24833 HIGH This Week

DotNetNuke versions prior to 9.13.10 and 10.2.0 allow arbitrary script execution in the Persona Bar administrative interface through unsanitized richtext content in module descriptions. An authenticated attacker with module installation privileges can inject malicious scripts that execute in the context of administrative users, potentially compromising sensitive data or administrative functions. This vulnerability requires high privileges and user interaction to exploit, with no public patch currently available for affected versions.

.NET Dotnetnuke
NVD GitHub
CVSS 3.1
7.6
EPSS
0.0%
CVE-2026-24784 NuGet MEDIUM PATCH This Month

Stored cross-site scripting in DNN versions 9.0.0 through 10.1.x allows content editors to inject malicious scripts into module headers and footers that execute in the browsers of other users. An authenticated editor with content creation privileges can exploit this to steal session tokens, perform actions on behalf of other users, or redirect them to malicious sites. Updates to version 9.13.10 or 10.2.0 are required to remediate the vulnerability.

.NET Dotnetnuke
NVD GitHub
CVSS 3.1
6.8
EPSS
0.0%
CVE-2025-59821 NuGet MEDIUM PATCH This Month

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft XSS Dotnetnuke
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-59548 MEDIUM This Month

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft XSS Dotnetnuke
NVD GitHub
CVSS 4.0
5.9
EPSS
0.0%
CVE-2025-59547 MEDIUM This Month

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Microsoft Dotnetnuke
NVD GitHub
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-59546 NuGet LOW PATCH Monitor

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Rated low severity (CVSS 2.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft XSS Dotnetnuke
NVD GitHub
CVSS 3.1
2.4
EPSS
0.0%
CVE-2025-59545 NuGet CRITICAL PATCH This Week

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft XSS Dotnetnuke
NVD GitHub
CVSS 3.1
9.0
EPSS
0.0%
CVE-2025-59539 NuGet MEDIUM PATCH This Month

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft XSS Dotnetnuke
NVD GitHub
CVSS 3.1
6.3
EPSS
0.0%
CVE-2025-59535 NuGet MEDIUM PATCH This Month

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Dotnetnuke
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-52488 NuGet HIGH POC PATCH THREAT Act Now

DNN (DotNetNuke) CMS versions 6.0.0 through 10.0.0 contain a vulnerability that can expose NTLM hashes to a third-party SMB server. Through a specially crafted series of interactions, an attacker can force the DNN server to authenticate to an attacker-controlled SMB server, capturing NTLM credential hashes for offline cracking.

Microsoft Information Disclosure Dotnetnuke
NVD GitHub
CVSS 3.1
8.6
EPSS
14.8%
CVE-2025-52487 NuGet HIGH PATCH This Week

CVE-2025-52487 is an authentication bypass vulnerability in DNN (DotNetNuke) versions 7.0.0 through 10.0.0 that allows attackers to circumvent IP-based login filters by crafting specially designed requests or using proxy techniques. An unauthenticated remote attacker can bypass IP whitelist restrictions to attempt logins from unauthorized locations, potentially gaining unauthorized access to administrative accounts. The vulnerability has been patched in version 10.0.1 and carries a CVSS 7.5 score reflecting high integrity impact, though no public exploitation or active KEV listing has been reported at this time.

Microsoft Authentication Bypass Dotnetnuke
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-52486 NuGet MEDIUM PATCH This Month

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. In versions 6.0.0 to before 10.0.1, DNN.PLATFORM allows specially crafted content in URLs to be used with TokenReplace and not be properly sanitized by some SkinObjects. This issue has been patched in version 10.0.1.

Microsoft XSS Dotnetnuke
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-52485 NuGet MEDIUM PATCH This Month

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. In versions 6.0.0 to before 10.0.1, DNN.PLATFORM allows a specially crafted request to inject scripts in the Activity Feed Attachments endpoint which will then render in the feed. This issue has been patched in version 10.0.1.

Microsoft XSS Dotnetnuke
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-48378 NuGet MEDIUM PATCH This Month

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Microsoft XSS Dotnetnuke
NVD GitHub
CVSS 4.0
6.1
EPSS
0.1%
CVE-2025-48377 NuGet MEDIUM PATCH This Month

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Microsoft XSS Dotnetnuke
NVD GitHub
CVSS 4.0
6.0
EPSS
0.1%
CVE-2025-48376 NuGet LOW PATCH Monitor

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Information Disclosure Dotnetnuke
NVD GitHub
CVSS 3.1
3.5
EPSS
0.1%
CVE-2025-32374 MEDIUM This Month

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Microsoft Denial Of Service Dotnetnuke
NVD GitHub
CVSS 3.1
5.9
EPSS
0.3%
CVE-2025-32373 MEDIUM This Month

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Dotnetnuke
NVD GitHub
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-32372 NuGet MEDIUM PATCH This Month

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

Microsoft SSRF Dotnetnuke
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2025-32371 MEDIUM PATCH This Month

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Dotnetnuke
NVD GitHub
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-32036 MEDIUM PATCH This Month

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable, no authentication required.

Microsoft Information Disclosure Dotnetnuke
NVD GitHub
CVSS 3.1
4.2
EPSS
0.2%
CVE-2025-32035 LOW PATCH Monitor

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable.

Microsoft Information Disclosure Dotnetnuke
NVD GitHub
CVSS 3.1
2.6
EPSS
0.1%
CVE-2022-2922 NuGet MEDIUM POC PATCH This Month

Relative Path Traversal in GitHub repository dnnsoftware/dnn.platform prior to 9.11.0. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal Dotnetnuke
NVD GitHub
CVSS 3.1
4.9
EPSS
1.0%
CVE-2020-11585 MEDIUM POC This Month

There is an information disclosure issue in DNN (formerly DotNetNuke) 9.5 within the built-in Activity-Feed/Messaging/Userid/ Message Center module. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Dotnetnuke
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2020-5188 NuGet MEDIUM POC This Month

DNN (formerly DotNetNuke) through 9.4.4 has Insecure Permissions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Dotnetnuke
NVD GitHub
CVSS 3.1
6.5
EPSS
1.8%
CVE-2020-5187 NuGet HIGH POC PATCH This Week

DNN (formerly DotNetNuke) through 9.4.4 allows Path Traversal (issue 2 of 2). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Dotnetnuke
NVD GitHub
CVSS 3.1
8.8
EPSS
2.4%
CVE-2020-5186 NuGet MEDIUM POC This Month

DNN (formerly DotNetNuke) through 9.4.4 allows XSS (issue 1 of 2). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Dotnetnuke
NVD GitHub
CVSS 3.1
5.4
EPSS
0.9%
CVE-2019-12562 NuGet MEDIUM POC PATCH This Month

Stored Cross-Site Scripting in DotNetNuke (DNN) Version before 9.4.0 allows remote attackers to store and embed the malicious script into the admin notification page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Dotnetnuke
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
6.2%
EPSS 0% CVSS 6.4
MEDIUM POC This Month

DotNetNuke 9.5 contains a persistent cross-site scripting vulnerability that allows normal users to upload malicious XML files with executable scripts through journal tools. [CVSS 6.4 MEDIUM]

.NET XSS CSRF +1
NVD Exploit-DB
EPSS 0% CVSS 9.1
CRITICAL PATCH Act Now

DNN (DotNetNuke) CMS has a stored XSS vulnerability (CVSS 9.1) allowing persistent script injection that executes for all users viewing the affected content.

.NET Dotnetnuke
NVD GitHub
EPSS 0% CVSS 7.6
HIGH PATCH This Week

Stored cross-site scripting in DNN versions 9.0.0 through 9.13.9 and 10.0.0 through 10.1.x allows high-privileged users with UI interaction to inject malicious scripts into module friendly names that execute within the Persona Bar administrative interface. An authenticated attacker with sufficient permissions could exploit this to perform administrative actions or compromise other users' sessions. No patch is currently available for affected versions.

.NET Dotnetnuke
NVD GitHub
EPSS 0% CVSS 7.6
HIGH PATCH This Week

Stored cross-site scripting in DNN versions 9.0.0 through 9.13.9 and 10.0.0 through 10.1.x allows authenticated administrators with high privileges to inject malicious scripts into log notes that execute within the PersonaBar interface. An attacker with admin credentials could perform actions as the victim or steal session data when the logs are viewed. Upgrade to DNN 9.13.10 or 10.2.0 to remediate this vulnerability.

.NET Dotnetnuke
NVD GitHub
EPSS 0% CVSS 7.6
HIGH This Week

DotNetNuke versions prior to 9.13.10 and 10.2.0 allow arbitrary script execution in the Persona Bar administrative interface through unsanitized richtext content in module descriptions. An authenticated attacker with module installation privileges can inject malicious scripts that execute in the context of administrative users, potentially compromising sensitive data or administrative functions. This vulnerability requires high privileges and user interaction to exploit, with no public patch currently available for affected versions.

.NET Dotnetnuke
NVD GitHub
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

Stored cross-site scripting in DNN versions 9.0.0 through 10.1.x allows content editors to inject malicious scripts into module headers and footers that execute in the browsers of other users. An authenticated editor with content creation privileges can exploit this to steal session tokens, perform actions on behalf of other users, or redirect them to malicious sites. Updates to version 9.13.10 or 10.2.0 are required to remediate the vulnerability.

.NET Dotnetnuke
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft XSS Dotnetnuke
NVD GitHub
EPSS 0% CVSS 5.9
MEDIUM This Month

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft XSS Dotnetnuke
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM This Month

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Microsoft Dotnetnuke
NVD GitHub
EPSS 0% CVSS 2.4
LOW PATCH Monitor

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Rated low severity (CVSS 2.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft XSS Dotnetnuke
NVD GitHub
EPSS 0% CVSS 9.0
CRITICAL PATCH This Week

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft XSS Dotnetnuke
NVD GitHub
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft XSS Dotnetnuke
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Dotnetnuke
NVD GitHub
EPSS 15% CVSS 8.6
HIGH POC PATCH THREAT Act Now

DNN (DotNetNuke) CMS versions 6.0.0 through 10.0.0 contain a vulnerability that can expose NTLM hashes to a third-party SMB server. Through a specially crafted series of interactions, an attacker can force the DNN server to authenticate to an attacker-controlled SMB server, capturing NTLM credential hashes for offline cracking.

Microsoft Information Disclosure Dotnetnuke
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

CVE-2025-52487 is an authentication bypass vulnerability in DNN (DotNetNuke) versions 7.0.0 through 10.0.0 that allows attackers to circumvent IP-based login filters by crafting specially designed requests or using proxy techniques. An unauthenticated remote attacker can bypass IP whitelist restrictions to attempt logins from unauthorized locations, potentially gaining unauthorized access to administrative accounts. The vulnerability has been patched in version 10.0.1 and carries a CVSS 7.5 score reflecting high integrity impact, though no public exploitation or active KEV listing has been reported at this time.

Microsoft Authentication Bypass Dotnetnuke
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. In versions 6.0.0 to before 10.0.1, DNN.PLATFORM allows specially crafted content in URLs to be used with TokenReplace and not be properly sanitized by some SkinObjects. This issue has been patched in version 10.0.1.

Microsoft XSS Dotnetnuke
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. In versions 6.0.0 to before 10.0.1, DNN.PLATFORM allows a specially crafted request to inject scripts in the Activity Feed Attachments endpoint which will then render in the feed. This issue has been patched in version 10.0.1.

Microsoft XSS Dotnetnuke
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Microsoft XSS Dotnetnuke
NVD GitHub
EPSS 0% CVSS 6.0
MEDIUM PATCH This Month

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Microsoft XSS Dotnetnuke
NVD GitHub
EPSS 0% CVSS 3.5
LOW PATCH Monitor

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Information Disclosure Dotnetnuke
NVD GitHub
EPSS 0% CVSS 5.9
MEDIUM This Month

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Microsoft Denial Of Service Dotnetnuke
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Dotnetnuke
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

Microsoft SSRF Dotnetnuke
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Dotnetnuke
NVD GitHub
EPSS 0% CVSS 4.2
MEDIUM PATCH This Month

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable, no authentication required.

Microsoft Information Disclosure Dotnetnuke
NVD GitHub
EPSS 0% CVSS 2.6
LOW PATCH Monitor

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable.

Microsoft Information Disclosure Dotnetnuke
NVD GitHub
EPSS 1% CVSS 4.9
MEDIUM POC PATCH This Month

Relative Path Traversal in GitHub repository dnnsoftware/dnn.platform prior to 9.11.0. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal Dotnetnuke
NVD GitHub
EPSS 1% CVSS 4.3
MEDIUM POC This Month

There is an information disclosure issue in DNN (formerly DotNetNuke) 9.5 within the built-in Activity-Feed/Messaging/Userid/ Message Center module. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Dotnetnuke
NVD
EPSS 2% CVSS 6.5
MEDIUM POC This Month

DNN (formerly DotNetNuke) through 9.4.4 has Insecure Permissions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Dotnetnuke
NVD GitHub
EPSS 2% CVSS 8.8
HIGH POC PATCH This Week

DNN (formerly DotNetNuke) through 9.4.4 allows Path Traversal (issue 2 of 2). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Dotnetnuke
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC This Month

DNN (formerly DotNetNuke) through 9.4.4 allows XSS (issue 1 of 2). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Dotnetnuke
NVD GitHub
EPSS 6% CVSS 6.1
MEDIUM POC PATCH This Month

Stored Cross-Site Scripting in DotNetNuke (DNN) Version before 9.4.0 allows remote attackers to store and embed the malicious script into the admin notification page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Dotnetnuke
NVD Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy