Vulnerabilities > Dnnsoftware

DATE CVE VULNERABILITY TITLE RISK
2019-07-03 CVE-2018-18325 Inadequate Encryption Strength vulnerability in Dnnsoftware Dotnetnuke
DNN (aka DotNetNuke) 9.2 through 9.2.2 uses a weak encryption algorithm to protect input parameters.
network
low complexity
dnnsoftware CWE-326
7.5
2019-07-03 CVE-2018-15812 Insufficient Entropy vulnerability in Dnnsoftware Dotnetnuke 9.2/9.2.0/9.2.1
DNN (aka DotNetNuke) 9.2 through 9.2.1 incorrectly converts encryption key source values, resulting in lower than expected entropy.
network
low complexity
dnnsoftware CWE-331
7.5
2019-07-03 CVE-2018-15811 Inadequate Encryption Strength vulnerability in Dnnsoftware Dotnetnuke 9.2/9.2.0/9.2.1
DNN (aka DotNetNuke) 9.2 through 9.2.1 uses a weak encryption algorithm to protect input parameters.
network
low complexity
dnnsoftware CWE-326
7.5
2019-03-21 CVE-2018-14486 Cross-site Scripting vulnerability in Dnnsoftware Dotnetnuke 9.1.1
DNN (formerly DotNetNuke) 9.1.1 allows cross-site scripting (XSS) via XML.
network
low complexity
dnnsoftware CWE-79
6.1
2018-07-03 CVE-2017-0929 Server-Side Request Forgery (SSRF) vulnerability in Dnnsoftware Dotnetnuke
DNN (aka DotNetNuke) before 9.2.0 suffers from a Server-Side Request Forgery (SSRF) vulnerability in the DnnImageHandler class.
network
low complexity
dnnsoftware CWE-918
7.5
2017-07-20 CVE-2017-9822 Unspecified vulnerability in Dnnsoftware Dotnetnuke
DNN (aka DotNetNuke) before 9.1.1 has Remote Code Execution via a cookie, aka "2017-08 (Critical) Possible remote code execution on DNN sites."
network
low complexity
dnnsoftware
8.8