Lucene search
K

754 matches found

ATTACKERKB
ATTACKERKB
added 2026/02/03 4:52 p.m.5 views

CVE-2020-37103

DotNetNuke 9.5 contains a persistent cross-site scripting vulnerability that allows normal users to upload malicious XML files with executable scripts through journal tools. Attackers can upload XML files with XHTML namespace scripts to execute arbitrary JavaScript in users' browsers, potentially...

6.4CVSS5.4AI score0.00291EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/02/03 12:0 a.m.7 views

DNN DotNetNuke 跨站脚本漏洞

DNN DotNetNuke is a.NET platform content management system developed by DNN Corporation. Version 9.5 of DNN DotNetNuke contains a cross-site scripting vulnerability. This vulnerability arises from allowing ordinary users to upload malicious XML files containing executable scripts through the...

6.4CVSS5.6AI score0.00291EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/02/03 12:0 a.m.7 views

PT-2026-5852

DotNetNuke 9.5 contains a persistent cross-site scripting vulnerability that allows normal users to upload malicious XML files with executable scripts through journal tools. Attackers can upload XML files with XHTML namespace scripts to execute arbitrary JavaScript in users' browsers, potentially...

6.4CVSS5.5AI score0.00291EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2026/01/29 3:26 a.m.32 views

CVE-2026-24784

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Starting in version 9.0.0 and prior to versions 9.13.10 and 10.2.0, a content editor could inject scripts in module headers/footers that would run for other users. Versions 9.13.10 and 10.2.0...

6.8CVSS5.9AI score0.0016EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/29 3:26 a.m.15 views

CVE-2026-24833

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to versions 9.13.10 and 10.2.0, a module could install with richtext in its description field which could contain scripts that will run for user in the Persona Bar. Versions 9.13.10 and...

7.6CVSS5.9AI score0.00174EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/29 3:26 a.m.12 views

CVE-2026-24838

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to versions 9.13.10 and 10.2.0, module title supports richtext which could include scripts that would execute in certain scenarios. Versions 9.13.10 and 10.2.0 contain a fix for the iss...

9.1CVSS6AI score0.00188EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/29 3:26 a.m.7 views

CVE-2026-24836

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Starting in version 9.0.0 and prior to versions 9.13.10 and 10.2.0, extensions could write richtext in log notes which can include scripts that would run in the PersonaBar when displayed...

7.6CVSS5.9AI score0.00226EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/29 3:26 a.m.7 views

CVE-2026-24837

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Starting in version 9.0.0 and prior to versions 9.13.10 and 10.2.0, a module friendly name could include scripts that will run during some module operations in the Persona Bar. Versions 9.13....

7.6CVSS5.9AI score0.00249EPSS
Exploits0References1
Snyk
Snyk
added 2026/01/28 9:34 p.m.5 views

Cross-site Scripting (XSS)

Overview DotNetNuke.Core is a references provider to the DotNetNuke.dll to develop extensions for the DNN Platform. Affected versions of this package are vulnerable to Cross-site Scripting XSS in the Module Title. An attacker can execute arbitrary scripts in the context of affected users by...

9.1CVSS6AI score0.00188EPSS
Exploits0References2
OSV
OSV
added 2026/01/28 9:34 p.m.3 views

GHSA-W9PF-H6M6-V89H DotNetNuke.Core Vulnerable to Stored XSS via Module Title

Module title supports richtext which could include scripts that would execute in certain scenarios...

9.1CVSS5.9AI score0.00188EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/01/28 9:34 p.m.19 views

DotNetNuke.Core Vulnerable to Stored XSS via Module Title

Module title supports richtext which could include scripts that would execute in certain scenarios...

9.1CVSS5.9AI score0.00188EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/01/28 4:34 p.m.3 views

GHSA-VM5Q-8QWW-H238 DotNetNuke.Core Vulnerable to Stored XSS in Module Deletion Confirmation Modal

A module friendly name could include scripts that will run during some module operations in the Persona Bar...

7.6CVSS5.9AI score0.00249EPSS
Exploits0References3
Snyk
Snyk
added 2026/01/28 4:34 p.m.4 views

Cross-site Scripting (XSS)

Overview DotNetNuke.Core is a references provider to the DotNetNuke.dll to develop extensions for the DNN Platform. Affected versions of this package are vulnerable to Cross-site Scripting XSS in the module friendlyName. An attacker can execute arbitrary scripts in the context of a user's browser...

7.6CVSS6AI score0.00249EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/01/28 4:34 p.m.11 views

DotNetNuke.Core Vulnerable to Stored XSS in Module Deletion Confirmation Modal

A module friendly name could include scripts that will run during some module operations in the Persona Bar...

7.6CVSS5.9AI score0.00249EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/01/28 4:33 p.m.4 views

GHSA-2G5G-HCGH-Q3RP DotNetNuke.Core Vulnerable to Stored XSS in Scheduler LogNotes

Extensions could write richtext in log notes which can include scripts that would run in the PersonaBar when displayed...

7.6CVSS5.9AI score0.00226EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/01/28 4:33 p.m.9 views

DotNetNuke.Core Vulnerable to Stored XSS in Scheduler LogNotes

Extensions could write richtext in log notes which can include scripts that would run in the PersonaBar when displayed...

7.6CVSS5.9AI score0.00226EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/01/28 4:20 p.m.3 views

GHSA-JJWG-4948-6WXP DotNetNuke.Core has a potential XSS vulnerability in modules' header and footer

A content editor could inject scripts in module headers/footers that would run for other users...

6.9CVSS5.9AI score0.0016EPSS
Exploits0References3
Snyk
Snyk
added 2026/01/28 4:20 p.m.4 views

Cross-site Scripting (XSS)

Overview DotNetNuke.Core is a references provider to the DotNetNuke.dll to develop extensions for the DNN Platform. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the header and footer fields of modules. An attacker can execute arbitrary scripts in the context of...

6.8CVSS5.6AI score0.0016EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/01/28 4:20 p.m.15 views

DotNetNuke.Core has a potential XSS vulnerability in modules' header and footer

A content editor could inject scripts in module headers/footers that would run for other users...

6.8CVSS5.9AI score0.0016EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2026/01/28 1:16 a.m.9 views

CVE-2026-24838

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to versions 9.13.10 and 10.2.0, module title supports richtext which could include scripts that would execute in certain scenarios. Versions 9.13.10 and 10.2.0 contain a fix for the iss...

9.1CVSS0.00188EPSS
Exploits0References1
Rows per page
Query Builder