Vulnerabilities > Dnnsoftware > Dotnetnuke

DATE CVE VULNERABILITY TITLE RISK
2019-07-03 CVE-2018-15811 Inadequate Encryption Strength vulnerability in Dnnsoftware Dotnetnuke 9.2/9.2.0/9.2.1
DNN (aka DotNetNuke) 9.2 through 9.2.1 uses a weak encryption algorithm to protect input parameters.
network
low complexity
dnnsoftware CWE-326
7.5
7.5
2019-03-21 CVE-2018-14486 Cross-site Scripting vulnerability in Dnnsoftware Dotnetnuke 9.1.1
DNN (formerly DotNetNuke) 9.1.1 allows cross-site scripting (XSS) via XML. 		4.3
4.3
2018-07-03 CVE-2017-0929 Server-Side Request Forgery (SSRF) vulnerability in Dnnsoftware Dotnetnuke
DNN (aka DotNetNuke) before 9.2.0 suffers from a Server-Side Request Forgery (SSRF) vulnerability in the DnnImageHandler class.
network
low complexity
dnnsoftware CWE-918
5.0
5.0
2017-07-20 CVE-2017-9822 Improper Input Validation vulnerability in Dnnsoftware Dotnetnuke
DNN (aka DotNetNuke) before 9.1.1 has Remote Code Execution via a cookie, aka "2017-08 (Critical) Possible remote code execution on DNN sites."
network
low complexity
dnnsoftware CWE-20
6.5
6.5