754 matches found
CVE-2026-40306 DNN has same HostGUID for all new installs
DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. All new installations of DNN 10.x.x - 10.2.1 have the same Host GUID. This does not affect upgrades from 9.x.x. Version 10.2.2 patches the issue...
CVE-2026-40305
DNN (DotNetNuke) is affected by CVE-2026-40305 in versions 6.0.0 through 10.2.1, where a crafted request in the friends feature could force the acceptance of a friend request on another user. The issue is fixed in version 10.2.2 (patch). Affects DotNetNuke Platform’s friend-acceptance flow and is...
CVE-2026-40305 DNN has Force Friend Request Acceptance
DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Starting in version 6.0.0 and prior to version 10.2.2, in the friends feature, a user could craft a request that would force the acceptance of a friend request on another user. Version 10.2.2...
CVE-2026-40305
DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Starting in version 6.0.0 and prior to version 10.2.2, in the friends feature, a user could craft a request that would force the acceptance of a friend request on another user. Version 10.2.2...
CVE-2026-40305 DNN has Force Friend Request Acceptance
DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Starting in version 6.0.0 and prior to version 10.2.2, in the friends feature, a user could craft a request that would force the acceptance of a friend request on another user. Version 10.2.2...
DNN 安全漏洞
DNN also known as DotNetNuke is an open-source content management system CMS developed by the American company DNN, supported by Microsoft and built on the ASP.NET platform. This system features easy installation, scalability, and rich functionality. Versions of DNN from 6.0.0 to 10.2.2 contained...
DNN 安全漏洞
DNN also known as DotNetNuke is an open-source content management system CMS developed by the American company DNN, supported by Microsoft and based on the ASP.NET platform. This system features easy installation, scalability, and rich functionality. Versions of DNN prior to 10.2.2 contained...
DNN 安全漏洞
DNN also known as DotNetNuke is an open-source content management system CMS developed by the American company DNN, supported by Microsoft and based on the ASP.NET platform. This system features easy installation, scalability, and rich functionality. Versions of DNN from 10.x.x to 10.2.1 containe...
DotNetNuke.Core security code analysis rules triggered
The codebase raises code analysis warnings related to security, including CA3075, CA5366, CA5371, CA5368, CA5369, CA5372, CA5379, CA5350, and CA5351. Most of these deal with disabling DTD processing in XML documents, but also includes cryptographic algorithm choices...
GHSA-FCPV-W245-R2Q7 DotNetNuke.Core security code analysis rules triggered
The codebase raises code analysis warnings related to security, including CA3075, CA5366, CA5371, CA5368, CA5369, CA5372, CA5379, CA5350, and CA5351. Most of these deal with disabling DTD processing in XML documents, but also includes cryptographic algorithm choices...
Dotnetnuke < 10.2.2 Security code analysis rules triggered (GHSA-fcpv-w245-r2q7)
According to its self-reported version, the instance of Dotnetnuke running on the remote web server is prior to 10.2.2. It is, therefore, affected by a vulnerability. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number...
Dotnetnuke < 10.2.2 Stored cross-site-scripting (XSS) via SVG upload (CVE-2026-40321)
According to its self-reported version, the instance of Dotnetnuke running on the remote web server is prior to 10.2.2. It is, therefore, affected by a vulnerability. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number...
Generation of Predictable Numbers or Identifiers
Overview DotNetNuke.Core is a references provider to the DotNetNuke.dll to develop extensions for the DNN Platform. Affected versions of this package are vulnerable to Generation of Predictable Numbers or Identifiers in the form of generation of identical HostGUID values during installation. An...
DNN: Same HostGUID for all new installs
DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. All new installations of DNN 10.x.x - 10.2.1 have the same Host GUID. This does not affect upgrades from 9.x.x. Version 10.2.2 patches the issue...
Cross-site Request Forgery (CSRF)
Overview DotNetNuke.Core is a references provider to the DotNetNuke.dll to develop extensions for the DNN Platform. Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF in the AddFriend functionality. An attacker can send a request that forces another user to accept...
Cross-site Scripting (XSS)
Overview DotNetNuke.Core is a references provider to the DotNetNuke.dll to develop extensions for the DNN Platform. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the SVG upload. An user can execute arbitrary scripts in the context of other users by uploading a...
DotNetNuke.Core has stored cross-site-scripting (XSS) via SVG upload
DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to version 10.2.2, a user could upload a specially crafted SVG file that could include scripts that can target both authenticated and unauthenticated DNN users. The impact is increased ...
GHSA-FFQ7-898W-9JC4 DotNetNuke.Core has stored cross-site-scripting (XSS) via SVG upload
DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to version 10.2.2, a user could upload a specially crafted SVG file that could include scripts that can target both authenticated and unauthenticated DNN users. The impact is increased ...
PT-2026-32982
DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. All new installations of DNN 10.x.x - 10.2.1 have the same Host GUID. This does not affect upgrades from 9.x.x. Version 10.2.2 patches the issue...
PT-2026-32981
Name of the Vulnerable Software and Affected Versions DNN versions 6.0.0 through 10.2.1 Description In the friends feature, a user could craft a request that would force the acceptance of a friend request on another user. Recommendations Update to version 10.2.2...