Vulnerabilities > Dotnetnuke > Medium

DATE CVE VULNERABILITY TITLE RISK
2015-02-09 CVE-2015-1566 Cross-site Scripting vulnerability in Dotnetnuke
Cross-site scripting (XSS) vulnerability in DotNetNuke (DNN) before 7.4.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
dotnetnuke CWE-79
4.3
4.3
2014-03-12 CVE-2013-7335 Improper Input Validation vulnerability in Dotnetnuke
Open redirect vulnerability in DotNetNuke (DNN) before 6.2.9 and 7.x before 7.1.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
network
dotnetnuke CWE-20
4.3
4.3
2014-03-12 CVE-2013-4649 Cross-Site Scripting vulnerability in Dotnetnuke
Cross-site scripting (XSS) vulnerability in DotNetNuke (DNN) before 6.2.9 and 7.x before 7.1.1 allows remote attackers to inject arbitrary web script or HTML via the __dnnVariable parameter to the default URI.
network
dotnetnuke CWE-79
4.3
4.3
2012-04-11 CVE-2012-1036 Cross-Site Scripting vulnerability in Dotnetnuke
Cross-site scripting (XSS) vulnerability in the telerik HTML editor in DotNetNuke before 5.6.4 and 6.x before 6.1.0 allows remote attackers to inject arbitrary web script or HTML via a message.
network
dotnetnuke CWE-79
4.3
4.3
2012-04-11 CVE-2012-1030 Cross-Site Scripting vulnerability in Dotnetnuke 6.0.0/6.0.1/6.0.2
Cross-site scripting (XSS) vulnerability in DotNetNuke 6.x through 6.0.2 allows user-assisted remote attackers to inject arbitrary web script or HTML via a crafted URL containing text that is used within a modal popup.
network
dotnetnuke CWE-79
4.3
4.3
2010-12-09 CVE-2010-4514 Cross-Site Scripting vulnerability in Dotnetnuke 5.05.01/5.06.00
Cross-site scripting (XSS) vulnerability in Install/InstallWizard.aspx in DotNetNuke 5.05.01 and 5.06.00 allows remote attackers to inject arbitrary web script or HTML via the __VIEWSTATE parameter.
network
dotnetnuke CWE-79
4.3
4.3
2009-11-29 CVE-2009-4110 Cross-Site Scripting vulnerability in Dotnetnuke
Cross-site scripting (XSS) vulnerability in the search functionality in DotNetNuke 4.8 through 5.1.4 allows remote attackers to inject arbitrary web script or HTML via search terms that are not properly filtered before display in a custom results page.
network
dotnetnuke CWE-79
4.3
4.3
2009-11-29 CVE-2009-4109 Information Exposure vulnerability in Dotnetnuke
The install wizard in DotNetNuke 4.0 through 5.1.4 does not prevent anonymous users from accessing functionality related to determination of the need for an upgrade, which allows remote attackers to access version information and possibly other sensitive information.
network
low complexity
dotnetnuke CWE-200
5.0
5.0
2009-08-27 CVE-2008-7101 Security Bypass and Information Disclosure vulnerability in DotNetNuke
Unspecified vulnerability in DotNetNuke 4.0 through 4.8.4 and 5.0 allows remote attackers to obtain sensitive information (portal number) by accessing the install wizard page via unknown vectors.
network
low complexity
dotnetnuke
5.0
5.0
2009-08-27 CVE-2008-7100 Security Bypass and Information Disclosure vulnerability in DotNetNuke
Unspecified vulnerability in DotNetNuke 4.4.1 through 4.8.4 allows remote authenticated users to bypass authentication and gain privileges via unknown vectors related to a "unique id" for user actions and improper validation of a "user identity."
network
low complexity
dotnetnuke
6.5
6.5