Cross-Site Scripting (XSS)

dotnetnuke.core is vulnerable to cross-site scripting XSS. The vulnerability is due to improper validation or sanitization of specially crafted URLs, allowing malicious scripts to be injected and executed through certain module actions...

Cross-Site Scripting (XSS)

dotnetnuke.core is vulnerable to cross-site scripting XSS. The vulnerability is due to uploaded SVG files containing scripts that, when rendered inline. It allows an attacker to execute malicious scripts in the context of the user’s browser...

Denial of Service (DoS)

Overview DotNetNuke.Core is a references provider to the DotNetNuke.dll to develop extensions for the DNN Platform. Affected versions of this package are vulnerable to Denial of Service DoS through the public registration form. Details Denial of Service DoS describes a family of attacks, all aime...

Cross-site Scripting (XSS)

dotnetnuke.core is vulnerable to cross-site scripting XSS. The attack is possible since there is no validation for Display Name field in the admin notification function, allowing an authenticated user to inject and store arbitrary script through it...

Open Redirection

DotNetNuke.Core is vulnerable to open redirection. A remote attacker is able to redirect users to a malicious page and perform phishing attacks to steal confidential information such as a user's username and password...

Cross-Site Scripting (XSS)

DotNetNuke.Core is vulnerable to cross-site scripting. A remote attacker is able to inject arbitrary Javascript into a victim's browser to steal session tokens or perform unwanted actions on behalf of the user via the dnnVariable parameter to the default URI...

Cross-Site Scripting (XSS)

DotNetNuke.Core is vulnerable to cross-site scripting. A remote attacker is able to inject arbitrary Javascript into a victim's browser via a crafted URL containing text that is used within a modal popup...