Vulnerabilities > Dnnsoftware
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-09-30 | CVE-2022-2922 | Path Traversal vulnerability in Dnnsoftware Dotnetnuke Relative Path Traversal in GitHub repository dnnsoftware/dnn.platform prior to 9.11.0. | 4.9 |
| 2022-06-02 | CVE-2021-40186 | Server-Side Request Forgery (SSRF) vulnerability in Dnnsoftware Dotnetnuke The AppCheck research team identified a Server-Side Request Forgery (SSRF) vulnerability within the DNN CMS platform, formerly known as DotNetNuke. | 5.0 |
| 2020-04-06 | CVE-2020-11585 | Information Exposure vulnerability in Dnnsoftware Dotnetnuke 9.5.0 There is an information disclosure issue in DNN (formerly DotNetNuke) 9.5 within the built-in Activity-Feed/Messaging/Userid/ Message Center module. | 4.0 |
| 2020-02-24 | CVE-2020-5188 | Unrestricted Upload of File with Dangerous Type vulnerability in Dnnsoftware Dotnetnuke DNN (formerly DotNetNuke) through 9.4.4 has Insecure Permissions. | 6.5 |
| 2020-02-24 | CVE-2020-5187 | Path Traversal vulnerability in Dnnsoftware Dotnetnuke DNN (formerly DotNetNuke) through 9.4.4 allows Path Traversal (issue 2 of 2). | 8.8 |
| 2020-02-24 | CVE-2020-5186 | Cross-site Scripting vulnerability in Dnnsoftware Dotnetnuke DNN (formerly DotNetNuke) through 9.4.4 allows XSS (issue 1 of 2). | 5.4 |
| 2019-09-26 | CVE-2019-12562 | Cross-site Scripting vulnerability in Dnnsoftware Dotnetnuke Stored Cross-Site Scripting in DotNetNuke (DNN) Version before 9.4.0 allows remote attackers to store and embed the malicious script into the admin notification page. | 4.3 |
| 2019-07-03 | CVE-2018-18326 | Insufficient Entropy vulnerability in Dnnsoftware Dotnetnuke DNN (aka DotNetNuke) 9.2 through 9.2.2 incorrectly converts encryption key source values, resulting in lower than expected entropy. | 7.5 |
| 2019-07-03 | CVE-2018-18325 | Inadequate Encryption Strength vulnerability in Dnnsoftware Dotnetnuke DNN (aka DotNetNuke) 9.2 through 9.2.2 uses a weak encryption algorithm to protect input parameters. | 7.5 |
| 2019-07-03 | CVE-2018-15812 | Insufficient Entropy vulnerability in Dnnsoftware Dotnetnuke 9.2/9.2.0/9.2.1 DNN (aka DotNetNuke) 9.2 through 9.2.1 incorrectly converts encryption key source values, resulting in lower than expected entropy. | 7.5 |