Vulnerabilities > Dnnsoftware > Dotnetnuke > 7.1.2.167
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-09-30 | CVE-2022-2922 | Path Traversal vulnerability in Dnnsoftware Dotnetnuke Relative Path Traversal in GitHub repository dnnsoftware/dnn.platform prior to 9.11.0. | 4.9 |
2022-06-02 | CVE-2021-40186 | Server-Side Request Forgery (SSRF) vulnerability in Dnnsoftware Dotnetnuke The AppCheck research team identified a Server-Side Request Forgery (SSRF) vulnerability within the DNN CMS platform, formerly known as DotNetNuke. | 5.0 |
2020-02-24 | CVE-2020-5188 | Unrestricted Upload of File with Dangerous Type vulnerability in Dnnsoftware Dotnetnuke DNN (formerly DotNetNuke) through 9.4.4 has Insecure Permissions. | 6.5 |
2020-02-24 | CVE-2020-5187 | Path Traversal vulnerability in Dnnsoftware Dotnetnuke DNN (formerly DotNetNuke) through 9.4.4 allows Path Traversal (issue 2 of 2). | 8.8 |
2020-02-24 | CVE-2020-5186 | Cross-site Scripting vulnerability in Dnnsoftware Dotnetnuke DNN (formerly DotNetNuke) through 9.4.4 allows XSS (issue 1 of 2). | 5.4 |
2019-09-26 | CVE-2019-12562 | Cross-site Scripting vulnerability in Dnnsoftware Dotnetnuke Stored Cross-Site Scripting in DotNetNuke (DNN) Version before 9.4.0 allows remote attackers to store and embed the malicious script into the admin notification page. | 4.3 |
2018-07-03 | CVE-2017-0929 | Server-Side Request Forgery (SSRF) vulnerability in Dnnsoftware Dotnetnuke DNN (aka DotNetNuke) before 9.2.0 suffers from a Server-Side Request Forgery (SSRF) vulnerability in the DnnImageHandler class. | 5.0 |
2017-07-20 | CVE-2017-9822 | Improper Input Validation vulnerability in Dnnsoftware Dotnetnuke DNN (aka DotNetNuke) before 9.1.1 has Remote Code Execution via a cookie, aka "2017-08 (Critical) Possible remote code execution on DNN sites." | 6.5 |