Vulnerabilities > Dnnsoftware > Dotnetnuke > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-04-12 CVE-2022-47053 Cross-site Scripting vulnerability in Dnnsoftware Dotnetnuke
An arbitrary file upload vulnerability in the Digital Assets Manager module of DNN Corp DotNetNuke v7.0.0 to v9.10.2 allows attackers to execute arbitrary code via a crafted SVG file.
network
low complexity
dnnsoftware CWE-79
5.4
5.4
2022-09-30 CVE-2022-2922 Path Traversal vulnerability in Dnnsoftware Dotnetnuke
Relative Path Traversal in GitHub repository dnnsoftware/dnn.platform prior to 9.11.0.
network
low complexity
dnnsoftware CWE-22
4.9
4.9
2022-07-20 CVE-2021-31858 Cross-site Scripting vulnerability in Dnnsoftware Dotnetnuke
DotNetNuke (DNN) 9.9.1 CMS is vulnerable to a Stored Cross-Site Scripting vulnerability in the user profile biography section which allows remote authenticated users to inject arbitrary code via a crafted payload.
network
low complexity
dnnsoftware CWE-79
5.4
5.4
2020-04-06 CVE-2020-11585 Authorization Bypass Through User-Controlled Key vulnerability in Dnnsoftware Dotnetnuke 9.5.0
There is an information disclosure issue in DNN (formerly DotNetNuke) 9.5 within the built-in Activity-Feed/Messaging/Userid/ Message Center module.
network
low complexity
dnnsoftware CWE-639
4.3
4.3
2020-02-24 CVE-2020-5188 Unrestricted Upload of File with Dangerous Type vulnerability in Dnnsoftware Dotnetnuke
DNN (formerly DotNetNuke) through 9.4.4 has Insecure Permissions.
network
low complexity
dnnsoftware CWE-434
6.5
6.5
2020-02-24 CVE-2020-5186 Cross-site Scripting vulnerability in Dnnsoftware Dotnetnuke
DNN (formerly DotNetNuke) through 9.4.4 allows XSS (issue 1 of 2).
network
low complexity
dnnsoftware CWE-79
5.4
5.4
2019-09-26 CVE-2019-12562 Cross-site Scripting vulnerability in Dnnsoftware Dotnetnuke
Stored Cross-Site Scripting in DotNetNuke (DNN) Version before 9.4.0 allows remote attackers to store and embed the malicious script into the admin notification page.
network
low complexity
dnnsoftware CWE-79
6.1
6.1
2019-03-21 CVE-2018-14486 Cross-site Scripting vulnerability in Dnnsoftware Dotnetnuke 9.1.1
DNN (formerly DotNetNuke) 9.1.1 allows cross-site scripting (XSS) via XML.
network
low complexity
dnnsoftware CWE-79
6.1
6.1