Vulnerabilities > Dnnsoftware > Dotnetnuke

DATE CVE VULNERABILITY TITLE RISK
2022-09-30 CVE-2022-2922 Path Traversal vulnerability in Dnnsoftware Dotnetnuke
Relative Path Traversal in GitHub repository dnnsoftware/dnn.platform prior to 9.11.0.
network
low complexity
dnnsoftware CWE-22
4.9
2022-06-02 CVE-2021-40186 Server-Side Request Forgery (SSRF) vulnerability in Dnnsoftware Dotnetnuke
The AppCheck research team identified a Server-Side Request Forgery (SSRF) vulnerability within the DNN CMS platform, formerly known as DotNetNuke.
network
low complexity
dnnsoftware CWE-918
5.0
2020-04-06 CVE-2020-11585 Information Exposure vulnerability in Dnnsoftware Dotnetnuke 9.5.0
There is an information disclosure issue in DNN (formerly DotNetNuke) 9.5 within the built-in Activity-Feed/Messaging/Userid/ Message Center module.
network
low complexity
dnnsoftware CWE-200
4.0
2020-02-24 CVE-2020-5188 Unrestricted Upload of File with Dangerous Type vulnerability in Dnnsoftware Dotnetnuke
DNN (formerly DotNetNuke) through 9.4.4 has Insecure Permissions.
network
low complexity
dnnsoftware CWE-434
6.5
2020-02-24 CVE-2020-5187 Path Traversal vulnerability in Dnnsoftware Dotnetnuke
DNN (formerly DotNetNuke) through 9.4.4 allows Path Traversal (issue 2 of 2).
network
low complexity
dnnsoftware CWE-22
8.8
2020-02-24 CVE-2020-5186 Cross-site Scripting vulnerability in Dnnsoftware Dotnetnuke
DNN (formerly DotNetNuke) through 9.4.4 allows XSS (issue 1 of 2).
network
low complexity
dnnsoftware CWE-79
5.4
2019-09-26 CVE-2019-12562 Cross-site Scripting vulnerability in Dnnsoftware Dotnetnuke
Stored Cross-Site Scripting in DotNetNuke (DNN) Version before 9.4.0 allows remote attackers to store and embed the malicious script into the admin notification page.
4.3
2019-07-03 CVE-2018-18326 Insufficient Entropy vulnerability in Dnnsoftware Dotnetnuke
DNN (aka DotNetNuke) 9.2 through 9.2.2 incorrectly converts encryption key source values, resulting in lower than expected entropy.
network
low complexity
dnnsoftware CWE-331
7.5
2019-07-03 CVE-2018-18325 Inadequate Encryption Strength vulnerability in Dnnsoftware Dotnetnuke
DNN (aka DotNetNuke) 9.2 through 9.2.2 uses a weak encryption algorithm to protect input parameters.
network
low complexity
dnnsoftware CWE-326
7.5
2019-07-03 CVE-2018-15812 Insufficient Entropy vulnerability in Dnnsoftware Dotnetnuke 9.2/9.2.0/9.2.1
DNN (aka DotNetNuke) 9.2 through 9.2.1 incorrectly converts encryption key source values, resulting in lower than expected entropy.
network
low complexity
dnnsoftware CWE-331
7.5