Vulnerabilities > Dnnsoftware
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-07-03 | CVE-2018-18325 | Inadequate Encryption Strength vulnerability in Dnnsoftware Dotnetnuke DNN (aka DotNetNuke) 9.2 through 9.2.2 uses a weak encryption algorithm to protect input parameters. | 7.5 |
2019-07-03 | CVE-2018-15812 | Insufficient Entropy vulnerability in Dnnsoftware Dotnetnuke 9.2/9.2.0/9.2.1 DNN (aka DotNetNuke) 9.2 through 9.2.1 incorrectly converts encryption key source values, resulting in lower than expected entropy. | 7.5 |
2019-07-03 | CVE-2018-15811 | Inadequate Encryption Strength vulnerability in Dnnsoftware Dotnetnuke 9.2/9.2.0/9.2.1 DNN (aka DotNetNuke) 9.2 through 9.2.1 uses a weak encryption algorithm to protect input parameters. | 7.5 |
2019-03-21 | CVE-2018-14486 | Cross-site Scripting vulnerability in Dnnsoftware Dotnetnuke 9.1.1 DNN (formerly DotNetNuke) 9.1.1 allows cross-site scripting (XSS) via XML. | 6.1 |
2018-07-03 | CVE-2017-0929 | Server-Side Request Forgery (SSRF) vulnerability in Dnnsoftware Dotnetnuke DNN (aka DotNetNuke) before 9.2.0 suffers from a Server-Side Request Forgery (SSRF) vulnerability in the DnnImageHandler class. | 7.5 |
2017-07-20 | CVE-2017-9822 | Unspecified vulnerability in Dnnsoftware Dotnetnuke DNN (aka DotNetNuke) before 9.1.1 has Remote Code Execution via a cookie, aka "2017-08 (Critical) Possible remote code execution on DNN sites." | 8.8 |