754 matches found
PT-2026-5041
Name of the Vulnerable Software and Affected Versions DNN formerly DotNetNuke versions 9.0.0 through 9.13.9 DNN formerly DotNetNuke versions 10.0.0 through 10.1.9 Description DNN formerly DotNetNuke is an open-source web content management platform. Extensions could write rich text in log notes,...
PT-2026-5040
Name of the Vulnerable Software and Affected Versions DNN formerly DotNetNuke versions prior to 9.13.10 DNN formerly DotNetNuke versions prior to 10.2.0 Description DNN formerly DotNetNuke is an open-source web content management platform. Prior to versions 9.13.10 and 10.2.0, a module could be...
PT-2026-5039
DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Starting in version 9.0.0 and prior to versions 9.13.10 and 10.2.0, a content editor could inject scripts in module headers/footers that would run for other users. Versions 9.13.10 and 10.2.0...
CVE-2009-4109
The install wizard in DotNetNuke 4.0 through 5.1.4 does not prevent anonymous users from accessing functionality related to determination of the need for an upgrade, which allows remote attackers to access version information and possibly other sensitive information...
CVE-2021-31858
DotNetNuke DNN 9.9.1 CMS is vulnerable to a Stored Cross-Site Scripting vulnerability in the user profile biography section which allows remote authenticated users to inject arbitrary code via a crafted payload...
CVE-2008-6399
Unspecified vulnerability in DotNetNuke 4.5.2 through 4.9 allows remote attackers to "add additional roles to their user account" via unknown attack vectors...
CVE-2019-12562
Stored Cross-Site Scripting in DotNetNuke DNN Version before 9.4.0 allows remote attackers to store and embed the malicious script into the admin notification page. The exploit could be used to perfom any action with admin privileges such as managing content, adding users, uploading backdoors to...
Stored Cross-site-scripting (XSS)
dotnetnuke.core is vulnerable to cross-site scripting XSS. The vulnerability is due to incomplete sanitization of uploaded SVG file content, which allows an attacker to inject malicious scripts and execute them in a user’s browser...
📄 DNN Platform Pre‑10.1.1 Arbitrary File Upload
DNN Platform version Pre‑10.1.1 suffers from an unauthenticated arbitrary file upload vulnerability. This software was formerly known as DotNetNuke. ============================================================================================================================================= | Titl...
VulnCheck KEV: CVE-2025-64095
DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to 10.1.1, the default HTML editor provider allows unauthenticated file uploads and images can overwrite existing files. An unauthenticated user can upload and replace existing files...
Exploit for Unrestricted Upload of File with Dangerous Type in Dnnsoftware Dotnetnuke
=== Description === DNN formerly DotNetNuke is an open-source...
DotNetNuke < 10.1.1 Unrestricted File Upload
DotNetNuke CMS versions prior to 10.1.1 are affected by an unrestricted file upload vulnerability due to improper validation of uploaded files in the default HTML editor provider. This vulnerability allows unauthenticated users to upload files without proper restrictions, potentially leading to...
Exploit for Unrestricted Upload of File with Dangerous Type in Dnnsoftware Dotnetnuke
CVE-2025-64095-DotNetNuke-DNNPoC proof of concept PoC F...
U.S. Dept Of Defense: DNN - Unrestricted Arbitrary File Upload #████████
A vulnerability was discovered in versions of DNN formerly DotNetNuke prior to 10.1.1. The vulnerability was caused by the default HTML editor provider allowing unauthenticated file uploads and overwriting of existing files. This could have led to website defacement and cross-site scripting attac...
Cross-Site Scripting (XSS)
dotnetnuke.core is vulnerable to a Cross-Site Scripting XSS. The vulnerability is due to improper input validation in the Biography field, which allows an attacker to inject and execute malicious JavaScript code in the context of the website, affecting other users including administrators and...
Client-Side Content Injection (XSS)
dotnetnuke.core is vulnerable to Client-Side Content Injection XSS. The vulnerability is due to improper validation of query parameters, which allows an attacker to load and exploit vulnerable themes on client browsers without the site owner’s knowledge...
CVE-2025-64095
DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to 10.1.1, the default HTML editor provider allows unauthenticated file uploads and images can overwrite existing files. An unauthenticated user can upload and replace existing files...
CVE-2025-62802
DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to 10.1.1, the out-of-box experience for HTML editing allows unauthenticated users to upload files. This opens a potential vector to other security issues and is not needed on most...
CVE-2025-64094
DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to 10.1.1, sanitization of the content of uploaded SVG files was not covering all possible XSS scenarios. This vulnerability exists because of an incomplete fix for CVE-2025-48378. This...
EUVD-2025-36564
DNN Insufficient Access Control - Image Upload allows for Site Content Overwrite...