Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

754 matches found

Tenable Nessus
Tenable Nessusadded 2026/04/10 12:0 a.m.0 views

Dotnetnuke < 10.2.2 Same HostGUID for all new installs (GHSA-2rhw-gw3f-477j)

According to its self-reported version, the instance of Dotnetnuke running on the remote web server is prior to 10.2.2. It is, therefore, affected by a vulnerability. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number...

5.9AI score
Exploits0References1
Positive Technologies
Positive Technologiesadded 2026/04/10 12:0 a.m.5 views

PT-2026-32982

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. All new installations of DNN 10.x.x - 10.2.1 have the same Host GUID. This does not affect upgrades from 9.x.x. Version 10.2.2 patches the issue...

6.9CVSS5.8AI score0.00175EPSS
Exploits0References6
Tenable Nessus
Tenable Nessusadded 2026/04/10 12:0 a.m.6 views

Dotnetnuke < 10.2.2 Same HostGUID for all new installs (CVE-2026-40306)

According to its self-reported version, the instance of Dotnetnuke running on the remote web server is prior to 10.2.2. It is, therefore, affected by a vulnerability. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number...

6.9CVSS5.8AI score0.00175EPSS
Exploits0References2
Positive Technologies
Positive Technologiesadded 2026/04/10 12:0 a.m.3 views

PT-2026-32981

Name of the Vulnerable Software and Affected Versions DNN versions 6.0.0 through 10.2.1 Description In the friends feature, a user could craft a request that would force the acceptance of a friend request on another user. Recommendations Update to version 10.2.2...

4.3CVSS5.8AI score0.00183EPSS
Exploits0References6
Tenable Nessus
Tenable Nessusadded 2026/04/10 12:0 a.m.1 views

Dotnetnuke < 10.2.2 Stored cross-site-scripting (XSS) via SVG upload (GHSA-ffq7-898w-9jc4)

According to its self-reported version, the instance of Dotnetnuke running on the remote web server is prior to 10.2.2. It is, therefore, affected by a vulnerability. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number...

5.9AI score
Exploits0References1
Nuclei
Nucleiadded 2026/02/04 7:0 a.m.28 views

DNN - Unrestricted Arbitrary File Upload

DNN formerly DotNetNuke \u003C 10.1.1 contains an unrestricted file upload vulnerability caused by the default HTML editor provider allowing unauthenticated file uploads and overwriting existing files, letting unauthenticated attackers deface websites and inject XSS payloads, exploit requires no...

10CVSS6.2AI score0.44656EPSS
Exploits3References1
Veracode
Veracodeadded 2026/02/04 6:40 a.m.5 views

Cross-Site Scripting (XSS)

dotnetnuke.core is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper input validation in module friendly names, which allows an attacker to inject and execute malicious scripts during certain module operations in the Persona Bar...

7.6CVSS5.5AI score0.00249EPSS
Exploits0References3Affected Software1
Veracode
Veracodeadded 2026/02/04 6:25 a.m.5 views

Cross-site Scripting (XSS)

dotnetnuke.core is vulnerable to cross-site scripting XSS. The vulnerability is due to module titles supporting rich text input without proper script sanitization, which allows an attacker to inject and execute malicious scripts in certain scenarios...

9.1CVSS5AI score0.00188EPSS
Exploits0References4Affected Software1
Tenable Nessus
Tenable Nessusadded 2026/02/04 12:0 a.m.4 views

Dotnetnuke < 9.13.10 / 10.0.x < 10.02.00 Stored XSS in Module Description (CVE-2026-24833)

According to its self-reported version, the instance of Dotnetnuke running on the remote web server is prior to 9.13.10 or 10.0.x prior to 10.02.00. It is, therefore, affected by a vulnerability. - DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft...

7.6CVSS5.4AI score0.00174EPSS
Exploits0References2
Tenable Nessus
Tenable Nessusadded 2026/02/04 12:0 a.m.3 views

DNN DotNetNuke.Core < 9.13.10 / 10.0 < 10.2.0 XSS

According to its self-reported version, the instance of DNN formerly DotNetNuke running on the remote web server is prior to 9.13.10 and 10.2.0. It is, therefore, affected by a cross-site scripting vulnerability: - DNN formerly DotNetNuke is an open-source web content management platform CMS in t...

9.1CVSS5.2AI score0.00188EPSS
Exploits0References2
Tenable Nessus
Tenable Nessusadded 2026/02/04 12:0 a.m.5 views

Dotnetnuke < 9.13.10 / 10.0.x < 10.02.00 Stored XSS via Module Title (CVE-2026-24838)

According to its self-reported version, the instance of Dotnetnuke running on the remote web server is prior to 9.13.10 or 10.0.x prior to 10.02.00. It is, therefore, affected by a vulnerability. - DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft...

9.1CVSS5.9AI score0.00188EPSS
Exploits0References2
Tenable Nessus
Tenable Nessusadded 2026/02/04 12:0 a.m.4 views

Dotnetnuke 9.0.x < 9.13.10 / 10.0.x < 10.02.00 Potential XSS vulnerability in modules' header and footer (CVE-2026-24784)

According to its self-reported version, the instance of Dotnetnuke running on the remote web server is 9.0.x prior to 9.13.10 or 10.0.x prior to 10.02.00. It is, therefore, affected by a vulnerability. - DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsof...

6.8CVSS5.4AI score0.0016EPSS
Exploits0References2
Tenable Nessus
Tenable Nessusadded 2026/02/04 12:0 a.m.4 views

Dotnetnuke 9.0.x < 9.13.10 / 10.0.x < 10.2.0 Stored XSS in Module Deletion Confirmation Modal (CVE-2026-24837)

According to its self-reported version, the instance of Dotnetnuke running on the remote web server is 9.0.x prior to 9.13.10 or 10.0.x prior to 10.2.0. It is, therefore, affected by a vulnerability. - DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft...

7.6CVSS5.4AI score0.00249EPSS
Exploits0References2
Tenable Nessus
Tenable Nessusadded 2026/02/04 12:0 a.m.5 views

Dotnetnuke 9.0.x < 9.13.10 / 10.0.x < 10.02.00 Stored XSS in Scheduler LogNotes (CVE-2026-24836)

According to its self-reported version, the instance of Dotnetnuke running on the remote web server is 9.0.x prior to 9.13.10 or 10.0.x prior to 10.02.00. It is, therefore, affected by a vulnerability. - DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsof...

7.6CVSS5.5AI score0.00226EPSS
Exploits0References2
NVD
NVDadded 2026/02/03 6:16 p.m.8 views

CVE-2020-37103

DotNetNuke 9.5 contains a persistent cross-site scripting vulnerability that allows normal users to upload malicious XML files with executable scripts through journal tools. Attackers can upload XML files with XHTML namespace scripts to execute arbitrary JavaScript in users' browsers, potentially...

6.4CVSS0.00291EPSS
Exploits1References4
OSV
OSVadded 2026/02/03 6:16 p.m.8 views

CVE-2020-37103

DotNetNuke 9.5 contains a persistent cross-site scripting vulnerability that allows normal users to upload malicious XML files with executable scripts through journal tools. Attackers can upload XML files with XHTML namespace scripts to execute arbitrary JavaScript in users' browsers, potentially...

5.4CVSS5.6AI score
Exploits0References4
EUVD
EUVDadded 2026/02/03 4:52 p.m.8 views

EUVD-2020-30988

DotNetNuke 9.5 contains a persistent cross-site scripting vulnerability that allows normal users to upload malicious XML files with executable scripts through journal tools. Attackers can upload XML files with XHTML namespace scripts to execute arbitrary JavaScript in users' browsers, potentially...

6.4CVSS5.4AI score0.00291EPSS
Exploits1References4
CVE
CVEadded 2026/02/03 4:52 p.m.16 views

CVE-2020-37103

DotNetNuke 9.5 contains a persistent cross-site scripting (XSS) vulnerability that allows normal users to upload XML files with executable scripts via journal tools. This can cause arbitrary JavaScript to run in users’ browsers, potentially bypassing CSRF protections and enabling more damaging at...

6.4CVSS5.4AI score0.00291EPSS
Exploits1References4Affected Software1
ATTACKERKB
ATTACKERKBadded 2026/02/03 4:52 p.m.5 views

CVE-2020-37103

DotNetNuke 9.5 contains a persistent cross-site scripting vulnerability that allows normal users to upload malicious XML files with executable scripts through journal tools. Attackers can upload XML files with XHTML namespace scripts to execute arbitrary JavaScript in users' browsers, potentially...

6.4CVSS5.4AI score0.00291EPSS
Exploits1References4
Vulnrichment
Vulnrichmentadded 2026/02/03 4:52 p.m.5 views

CVE-2020-37103 DotNetNuke 9.5 - Persistent Cross-Site Scripting

DotNetNuke 9.5 contains a persistent cross-site scripting vulnerability that allows normal users to upload malicious XML files with executable scripts through journal tools. Attackers can upload XML files with XHTML namespace scripts to execute arbitrary JavaScript in users' browsers, potentially...

6.4CVSS5.4AI score0.00291EPSS
Exploits1References4
Rows per page
Query Builder