EUVD-2022-7070
Malicious code in bioql PyPI...
Login IP Filter Bypass
DNN.PLATFORM is vulnerable to login IP filter bypass. The vulnerability is due to the ability to craft a special request or proxy, which allows an attacker to bypass IP-based access controls and perform unauthorized login attempts from disallowed IP addresses...
Cross-Site Scripting (XSS)
DNN.PLATFORM is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to insufficient validation in the TokenReplace function and SkinObjects, which fail to handle specially crafted URLs, allowing attackers to inject and execute arbitrary scripts in the user's browser...
CVE-2025-52488 DNN.PLATFORM leaks NTLM hash via SMB Share Interaction with malicious user input
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. In versions 6.0.0 to before 10.0.1, DNN.PLATFORM allows a specially crafted series of malicious interactions to potentially expose NTLM hashes to a third-party SMB server. This issue has been...
GHSA-MGFV-2362-JQ96 DNN.PLATFORM leaks NTLM hash via SMB Share Interaction with malicious user input
In DNN.PLATFORM, a specially crafted series of malicious interactions can expose NTLM hashes to a third-party SMB server. This vulnerability is fixed in 10.0.1...
DNN.PLATFORM Allows Stored Cross-Site Scripting (XSS) in Activity Feed
In DNN.PLATFORM, a specially crafted request can inject scripts in the Activity Feed Attachments endpoint, which will then render in the feed, resulting in a cross-site scripting attack. This vulnerability is fixed in 10.0.1...
GHSA-WWC9-WMM3-2PMF DNN.PLATFORM Allows Stored Cross-Site Scripting (XSS) in Activity Feed
In DNN.PLATFORM, a specially crafted request can inject scripts in the Activity Feed Attachments endpoint, which will then render in the feed, resulting in a cross-site scripting attack. This vulnerability is fixed in 10.0.1...
DNN.PLATFORM Allows Reflected Cross-Site Scripting (XSS) in some TokenReplace situations with SkinObjects
In DNN.PLATFORM, specially crafted content in URLs could be used with TokenReplace and not be properly sanitized by some SkinObjects. This vulnerability is fixed in 10.0.1...
CVE-2025-48377 Dnn.Platform vulnerable to Reflected Cross-Site Scripting (XSS) in module actions in edit mode
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 9.13.9, a specially crafted URL may be constructed which can inject an XSS payload that is triggered by using some module actions. Version 9.13.9 fixes the issue...
CVE-2025-32374 Possible Denial of Service (DoS) in DNN.PLATFORM registration
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Possible denial of service with specially crafted information in the public registration form. This vulnerability is fixed in 9.13.8...
Path Traversal
dnn.platform is vulnerable to path traversal. The vulnerability exists in the logFilePath parameter of ServerSettingsLogsController.cs because administrative account privileges are not properly implemented, which allows an attacker to read any system file in the application...
Path traversal
Relative Path Traversal in GitHub repository dnnsoftware/dnn.platform prior to 9.11.0...
CVE-2022-2922 Relative Path Traversal in dnnsoftware/dnn.platform
Relative Path Traversal in GitHub repository dnnsoftware/dnn.platform prior to 9.11.0...
CVE-2022-2922
CVE-2022-2922 describes a Relative Path Traversal in the DotNetNuke/DNN platform (GitHub: dnnsoftware/dnn.platform) up to version 9.11.0. The vulnerability arises from insufficient sanitization of user-controlled input, enabling an authenticated, remote attacker to craft a URI containing directo...
Cross-Site Scripting (XSS)
Dnn.Platform is vulnerable to cross-site scripting (XSS). The vulnerability exists as it allows XHTML tags such as...
Remote Code Execution (RCE)
DNN.Platform is vulnerable to remote code execution (RCE). This is due to the application storing profile information for users in the DNNPersonalization cookie as XML, and the structure includes a type attribute that tells the server which type of object to create upon deserialization. The...
Insecure Encryption Key
Dnn.Platform uses an insecure encryption key. The vulnerability exists as it does not actually use an encrypted key as its key...
Information Disclosure
Dnn.Platform is vulnerable to information disclosure. The attack is due to the use of a weak encryption algorithm to encrypt input parameters...
Cross-Site Scripting (XSS)
Dnn.Platform is vulnerable to cross-site scripting. A lack of sanitization in the redirect URL as displayed on the redirect page allows remote attackers to inject arbitrary JavaScript into a victim's browser to steal session cookies or perform unwanted actions on behalf of the user...