Vulnerabilities > Dnnsoftware > Dotnetnuke > 7.1.2.210
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-04-12 | CVE-2022-47053 | Cross-site Scripting vulnerability in Dnnsoftware Dotnetnuke An arbitrary file upload vulnerability in the Digital Assets Manager module of DNN Corp DotNetNuke v7.0.0 to v9.10.2 allows attackers to execute arbitrary code via a crafted SVG file. | 5.4 |
| 2022-09-30 | CVE-2022-2922 | Path Traversal vulnerability in Dnnsoftware Dotnetnuke Relative Path Traversal in GitHub repository dnnsoftware/dnn.platform prior to 9.11.0. | 4.9 |
| 2022-07-20 | CVE-2021-31858 | Cross-site Scripting vulnerability in Dnnsoftware Dotnetnuke DotNetNuke (DNN) 9.9.1 CMS is vulnerable to a Stored Cross-Site Scripting vulnerability in the user profile biography section which allows remote authenticated users to inject arbitrary code via a crafted payload. | 5.4 |
| 2022-06-02 | CVE-2021-40186 | Server-Side Request Forgery (SSRF) vulnerability in Dnnsoftware Dotnetnuke The AppCheck research team identified a Server-Side Request Forgery (SSRF) vulnerability within the DNN CMS platform, formerly known as DotNetNuke. | 7.5 |
| 2020-02-24 | CVE-2020-5188 | Unrestricted Upload of File with Dangerous Type vulnerability in Dnnsoftware Dotnetnuke DNN (formerly DotNetNuke) through 9.4.4 has Insecure Permissions. | 6.5 |
| 2020-02-24 | CVE-2020-5187 | Path Traversal vulnerability in Dnnsoftware Dotnetnuke DNN (formerly DotNetNuke) through 9.4.4 allows Path Traversal (issue 2 of 2). | 8.8 |
| 2020-02-24 | CVE-2020-5186 | Cross-site Scripting vulnerability in Dnnsoftware Dotnetnuke DNN (formerly DotNetNuke) through 9.4.4 allows XSS (issue 1 of 2). | 5.4 |
| 2019-09-26 | CVE-2019-12562 | Cross-site Scripting vulnerability in Dnnsoftware Dotnetnuke Stored Cross-Site Scripting in DotNetNuke (DNN) Version before 9.4.0 allows remote attackers to store and embed the malicious script into the admin notification page. | 6.1 |
| 2018-07-03 | CVE-2017-0929 | Server-Side Request Forgery (SSRF) vulnerability in Dnnsoftware Dotnetnuke DNN (aka DotNetNuke) before 9.2.0 suffers from a Server-Side Request Forgery (SSRF) vulnerability in the DnnImageHandler class. | 7.5 |
| 2017-07-20 | CVE-2017-9822 | Code Injection vulnerability in Dnnsoftware Dotnetnuke DNN (aka DotNetNuke) before 9.1.1 has Remote Code Execution via a cookie, aka "2017-08 (Critical) Possible remote code execution on DNN sites." | 8.8 |