Vulnerabilities > Dnnsoftware

DATE	CVE	VULNERABILITY TITLE	RISK
2023-04-12	CVE-2022-47053	Cross-site Scripting vulnerability in Dnnsoftware Dotnetnuke An arbitrary file upload vulnerability in the Digital Assets Manager module of DNN Corp DotNetNuke v7.0.0 to v9.10.2 allows attackers to execute arbitrary code via a crafted SVG file. network low complexity dnnsoftware CWE-79	5.4
2022-09-30	CVE-2022-2922	Path Traversal vulnerability in Dnnsoftware Dotnetnuke Relative Path Traversal in GitHub repository dnnsoftware/dnn.platform prior to 9.11.0. network low complexity dnnsoftware CWE-22	4.9
2022-07-20	CVE-2021-31858	Cross-site Scripting vulnerability in Dnnsoftware Dotnetnuke DotNetNuke (DNN) 9.9.1 CMS is vulnerable to a Stored Cross-Site Scripting vulnerability in the user profile biography section which allows remote authenticated users to inject arbitrary code via a crafted payload. network low complexity dnnsoftware CWE-79	5.4
2022-06-02	CVE-2021-40186	Server-Side Request Forgery (SSRF) vulnerability in Dnnsoftware Dotnetnuke The AppCheck research team identified a Server-Side Request Forgery (SSRF) vulnerability within the DNN CMS platform, formerly known as DotNetNuke. network low complexity dnnsoftware CWE-918	7.5
2020-04-06	CVE-2020-11585	Authorization Bypass Through User-Controlled Key vulnerability in Dnnsoftware Dotnetnuke 9.5.0 There is an information disclosure issue in DNN (formerly DotNetNuke) 9.5 within the built-in Activity-Feed/Messaging/Userid/ Message Center module. network low complexity dnnsoftware CWE-639	4.3
2020-02-24	CVE-2020-5188	Unrestricted Upload of File with Dangerous Type vulnerability in Dnnsoftware Dotnetnuke DNN (formerly DotNetNuke) through 9.4.4 has Insecure Permissions. network low complexity dnnsoftware CWE-434	6.5
2020-02-24	CVE-2020-5187	Path Traversal vulnerability in Dnnsoftware Dotnetnuke DNN (formerly DotNetNuke) through 9.4.4 allows Path Traversal (issue 2 of 2). network low complexity dnnsoftware CWE-22	8.8
2020-02-24	CVE-2020-5186	Cross-site Scripting vulnerability in Dnnsoftware Dotnetnuke DNN (formerly DotNetNuke) through 9.4.4 allows XSS (issue 1 of 2). network low complexity dnnsoftware CWE-79	5.4
2019-09-26	CVE-2019-12562	Cross-site Scripting vulnerability in Dnnsoftware Dotnetnuke Stored Cross-Site Scripting in DotNetNuke (DNN) Version before 9.4.0 allows remote attackers to store and embed the malicious script into the admin notification page. network low complexity dnnsoftware CWE-79	6.1
2019-07-03	CVE-2018-18326	Insufficient Entropy vulnerability in Dnnsoftware Dotnetnuke DNN (aka DotNetNuke) 9.2 through 9.2.2 incorrectly converts encryption key source values, resulting in lower than expected entropy. network low complexity dnnsoftware CWE-331	7.5

Vulnerabilities > Dnnsoftware {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Dnnsoftware"}]}

Vulnerabilities > Dnnsoftware