Lucene search
K

754 matches found

Positive Technologies
Positive Technologies
added 2026/01/27 12:0 a.m.6 views

PT-2026-5041

Name of the Vulnerable Software and Affected Versions DNN formerly DotNetNuke versions 9.0.0 through 9.13.9 DNN formerly DotNetNuke versions 10.0.0 through 10.1.9 Description DNN formerly DotNetNuke is an open-source web content management platform. Extensions could write rich text in log notes,...

7.6CVSS5.2AI score0.00226EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/01/27 12:0 a.m.11 views

PT-2026-5040

Name of the Vulnerable Software and Affected Versions DNN formerly DotNetNuke versions prior to 9.13.10 DNN formerly DotNetNuke versions prior to 10.2.0 Description DNN formerly DotNetNuke is an open-source web content management platform. Prior to versions 9.13.10 and 10.2.0, a module could be...

7.6CVSS5.3AI score0.00174EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/01/27 12:0 a.m.11 views

PT-2026-5039

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Starting in version 9.0.0 and prior to versions 9.13.10 and 10.2.0, a content editor could inject scripts in module headers/footers that would run for other users. Versions 9.13.10 and 10.2.0...

6.8CVSS5.9AI score0.0016EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/09 11:52 a.m.7 views

CVE-2009-4109

The install wizard in DotNetNuke 4.0 through 5.1.4 does not prevent anonymous users from accessing functionality related to determination of the need for an upgrade, which allows remote attackers to access version information and possibly other sensitive information...

5CVSS6.8AI score0.01229EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:23 a.m.7 views

CVE-2021-31858

DotNetNuke DNN 9.9.1 CMS is vulnerable to a Stored Cross-Site Scripting vulnerability in the user profile biography section which allows remote authenticated users to inject arbitrary code via a crafted payload...

5.4CVSS6AI score0.0055EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:24 a.m.9 views

CVE-2008-6399

Unspecified vulnerability in DotNetNuke 4.5.2 through 4.9 allows remote attackers to "add additional roles to their user account" via unknown attack vectors...

6.4CVSS7.1AI score0.01953EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:26 a.m.6 views

CVE-2019-12562

Stored Cross-Site Scripting in DotNetNuke DNN Version before 9.4.0 allows remote attackers to store and embed the malicious script into the admin notification page. The exploit could be used to perfom any action with admin privileges such as managing content, adding users, uploading backdoors to...

6.1CVSS5.9AI score0.06175EPSS
Exploits6References1
Veracode
Veracode
added 2025/12/13 5:20 a.m.4 views

Stored Cross-site-scripting (XSS)

dotnetnuke.core is vulnerable to cross-site scripting XSS. The vulnerability is due to incomplete sanitization of uploaded SVG file content, which allows an attacker to inject malicious scripts and execute them in a user’s browser...

6.4CVSS5.7AI score0.00179EPSS
Exploits0References3Affected Software1
Packet Storm
Packet Storm
added 2025/12/08 12:0 a.m.203 views

📄 DNN Platform Pre‑10.1.1 Arbitrary File Upload

DNN Platform version Pre‑10.1.1 suffers from an unauthenticated arbitrary file upload vulnerability. This software was formerly known as DotNetNuke. ============================================================================================================================================= | Titl...

10CVSS7.4AI score0.44656EPSS
Exploits3
VulnCheck KEV
VulnCheck KEV
added 2025/11/27 12:0 a.m.4 views

VulnCheck KEV: CVE-2025-64095

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to 10.1.1, the default HTML editor provider allows unauthenticated file uploads and images can overwrite existing files. An unauthenticated user can upload and replace existing files...

10CVSS5.8AI score0.44656EPSS
In wildExploits3References29
GithubExploit
GithubExploit
added 2025/11/18 6:53 p.m.161 views

Exploit for Unrestricted Upload of File with Dangerous Type in Dnnsoftware Dotnetnuke

=== Description === DNN formerly DotNetNuke is an open-source...

10CVSS6.5AI score0.44656EPSS
Exploits3
Tenable Nessus
Tenable Nessus
added 2025/11/10 12:0 a.m.7 views

DotNetNuke < 10.1.1 Unrestricted File Upload

DotNetNuke CMS versions prior to 10.1.1 are affected by an unrestricted file upload vulnerability due to improper validation of uploaded files in the default HTML editor provider. This vulnerability allows unauthenticated users to upload files without proper restrictions, potentially leading to...

10CVSS6.2AI score0.44656EPSS
Exploits3References3
GithubExploit
GithubExploit
added 2025/11/06 8:20 p.m.218 views

Exploit for Unrestricted Upload of File with Dangerous Type in Dnnsoftware Dotnetnuke

CVE-2025-64095-DotNetNuke-DNNPoC proof of concept PoC F...

10CVSS6.7AI score0.44656EPSS
Exploits3
Hacker One
Hacker One
added 2025/11/06 11:53 a.m.12 views

U.S. Dept Of Defense: DNN - Unrestricted Arbitrary File Upload #████████

A vulnerability was discovered in versions of DNN formerly DotNetNuke prior to 10.1.1. The vulnerability was caused by the default HTML editor provider allowing unauthenticated file uploads and overwriting of existing files. This could have led to website defacement and cross-site scripting attac...

10CVSS6.2AI score0.44656EPSS
Exploits3
Veracode
Veracode
added 2025/11/05 7:47 a.m.7 views

Cross-Site Scripting (XSS)

dotnetnuke.core is vulnerable to a Cross-Site Scripting XSS. The vulnerability is due to improper input validation in the Biography field, which allows an attacker to inject and execute malicious JavaScript code in the context of the website, affecting other users including administrators and...

6.3CVSS6.3AI score0.00166EPSS
Exploits0References3Affected Software1
Veracode
Veracode
added 2025/11/05 6:8 a.m.5 views

Client-Side Content Injection (XSS)

dotnetnuke.core is vulnerable to Client-Side Content Injection XSS. The vulnerability is due to improper validation of query parameters, which allows an attacker to load and exploit vulnerable themes on client browsers without the site owner’s knowledge...

6.5CVSS7.1AI score0.00322EPSS
Exploits0References6Affected Software1
RedhatCVE
RedhatCVE
added 2025/10/29 10:14 p.m.9 views

CVE-2025-64095

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to 10.1.1, the default HTML editor provider allows unauthenticated file uploads and images can overwrite existing files. An unauthenticated user can upload and replace existing files...

10CVSS6.6AI score0.44656EPSS
Exploits3References1
RedhatCVE
RedhatCVE
added 2025/10/29 10:14 p.m.15 views

CVE-2025-62802

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to 10.1.1, the out-of-box experience for HTML editing allows unauthenticated users to upload files. This opens a potential vector to other security issues and is not needed on most...

4.3CVSS7AI score0.00214EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/10/29 10:14 p.m.9 views

CVE-2025-64094

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to 10.1.1, sanitization of the content of uploaded SVG files was not covering all possible XSS scenarios. This vulnerability exists because of an incomplete fix for CVE-2025-48378. This...

6.4CVSS6.2AI score0.00244EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/29 9:48 p.m.10 views

EUVD-2025-36564

DNN Insufficient Access Control - Image Upload allows for Site Content Overwrite...

10CVSS6.3AI score0.44656EPSS
Exploits3References2
Rows per page
Query Builder