754 matches found
CVE-2020-37103
DotNetNuke 9.5 contains a persistent cross-site scripting vulnerability that allows normal users to upload malicious XML files with executable scripts through journal tools. Attackers can upload XML files with XHTML namespace scripts to execute arbitrary JavaScript in users' browsers, potentially...
DNN DotNetNuke 跨站脚本漏洞
DNN DotNetNuke is a.NET platform content management system developed by DNN Corporation. Version 9.5 of DNN DotNetNuke contains a cross-site scripting vulnerability. This vulnerability arises from allowing ordinary users to upload malicious XML files containing executable scripts through the...
PT-2026-5852
DotNetNuke 9.5 contains a persistent cross-site scripting vulnerability that allows normal users to upload malicious XML files with executable scripts through journal tools. Attackers can upload XML files with XHTML namespace scripts to execute arbitrary JavaScript in users' browsers, potentially...
CVE-2026-24784
DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Starting in version 9.0.0 and prior to versions 9.13.10 and 10.2.0, a content editor could inject scripts in module headers/footers that would run for other users. Versions 9.13.10 and 10.2.0...
CVE-2026-24833
DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to versions 9.13.10 and 10.2.0, a module could install with richtext in its description field which could contain scripts that will run for user in the Persona Bar. Versions 9.13.10 and...
CVE-2026-24838
DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to versions 9.13.10 and 10.2.0, module title supports richtext which could include scripts that would execute in certain scenarios. Versions 9.13.10 and 10.2.0 contain a fix for the iss...
CVE-2026-24836
DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Starting in version 9.0.0 and prior to versions 9.13.10 and 10.2.0, extensions could write richtext in log notes which can include scripts that would run in the PersonaBar when displayed...
CVE-2026-24837
DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Starting in version 9.0.0 and prior to versions 9.13.10 and 10.2.0, a module friendly name could include scripts that will run during some module operations in the Persona Bar. Versions 9.13....
Cross-site Scripting (XSS)
Overview DotNetNuke.Core is a references provider to the DotNetNuke.dll to develop extensions for the DNN Platform. Affected versions of this package are vulnerable to Cross-site Scripting XSS in the Module Title. An attacker can execute arbitrary scripts in the context of affected users by...
GHSA-W9PF-H6M6-V89H DotNetNuke.Core Vulnerable to Stored XSS via Module Title
Module title supports richtext which could include scripts that would execute in certain scenarios...
DotNetNuke.Core Vulnerable to Stored XSS via Module Title
Module title supports richtext which could include scripts that would execute in certain scenarios...
GHSA-VM5Q-8QWW-H238 DotNetNuke.Core Vulnerable to Stored XSS in Module Deletion Confirmation Modal
A module friendly name could include scripts that will run during some module operations in the Persona Bar...
Cross-site Scripting (XSS)
Overview DotNetNuke.Core is a references provider to the DotNetNuke.dll to develop extensions for the DNN Platform. Affected versions of this package are vulnerable to Cross-site Scripting XSS in the module friendlyName. An attacker can execute arbitrary scripts in the context of a user's browser...
DotNetNuke.Core Vulnerable to Stored XSS in Module Deletion Confirmation Modal
A module friendly name could include scripts that will run during some module operations in the Persona Bar...
GHSA-2G5G-HCGH-Q3RP DotNetNuke.Core Vulnerable to Stored XSS in Scheduler LogNotes
Extensions could write richtext in log notes which can include scripts that would run in the PersonaBar when displayed...
DotNetNuke.Core Vulnerable to Stored XSS in Scheduler LogNotes
Extensions could write richtext in log notes which can include scripts that would run in the PersonaBar when displayed...
GHSA-JJWG-4948-6WXP DotNetNuke.Core has a potential XSS vulnerability in modules' header and footer
A content editor could inject scripts in module headers/footers that would run for other users...
Cross-site Scripting (XSS)
Overview DotNetNuke.Core is a references provider to the DotNetNuke.dll to develop extensions for the DNN Platform. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the header and footer fields of modules. An attacker can execute arbitrary scripts in the context of...
DotNetNuke.Core has a potential XSS vulnerability in modules' header and footer
A content editor could inject scripts in module headers/footers that would run for other users...
CVE-2026-24838
DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to versions 9.13.10 and 10.2.0, module title supports richtext which could include scripts that would execute in certain scenarios. Versions 9.13.10 and 10.2.0 contain a fix for the iss...