Lucene search
K

754 matches found

Tenable Nessus
Tenable Nessus
added 2026/04/10 12:0 a.m.10 views

Dotnetnuke < 10.2.2 Same HostGUID for all new installs (CVE-2026-40306)

According to its self-reported version, the instance of Dotnetnuke running on the remote web server is prior to 10.2.2. It is, therefore, affected by a vulnerability. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number...

6.9CVSS5.8AI score0.00175EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/04/10 12:0 a.m.2 views

Dotnetnuke 6.0.x < 10.2.2 Force Friend Request Acceptance (GHSA-fpj4-9qhx-5m6m)

According to its self-reported version, the instance of Dotnetnuke running on the remote web server is 6.0.x prior to 10.2.2. It is, therefore, affected by a vulnerability. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number...

5.9AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/04/10 12:0 a.m.3 views

Dotnetnuke 6.0.x < 10.2.2 Force Friend Request Acceptance (CVE-2026-40305)

According to its self-reported version, the instance of Dotnetnuke running on the remote web server is 6.0.x prior to 10.2.2. It is, therefore, affected by a vulnerability. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number...

4.3CVSS5.4AI score0.00183EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/04/10 12:0 a.m.2 views

Dotnetnuke < 10.2.2 Same HostGUID for all new installs (GHSA-2rhw-gw3f-477j)

According to its self-reported version, the instance of Dotnetnuke running on the remote web server is prior to 10.2.2. It is, therefore, affected by a vulnerability. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number...

5.9AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/04/10 12:0 a.m.2 views

Dotnetnuke < 10.2.2 Stored cross-site-scripting (XSS) via SVG upload (GHSA-ffq7-898w-9jc4)

According to its self-reported version, the instance of Dotnetnuke running on the remote web server is prior to 10.2.2. It is, therefore, affected by a vulnerability. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number...

5.9AI score
Exploits0References1
Nuclei
Nuclei
added 2026/02/04 7:0 a.m.28 views

DNN - Unrestricted Arbitrary File Upload

DNN formerly DotNetNuke \u003C 10.1.1 contains an unrestricted file upload vulnerability caused by the default HTML editor provider allowing unauthenticated file uploads and overwriting existing files, letting unauthenticated attackers deface websites and inject XSS payloads, exploit requires no...

10CVSS6.2AI score0.44656EPSS
Exploits3References1
Veracode
Veracode
added 2026/02/04 6:40 a.m.6 views

Cross-Site Scripting (XSS)

dotnetnuke.core is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper input validation in module friendly names, which allows an attacker to inject and execute malicious scripts during certain module operations in the Persona Bar...

7.6CVSS5.5AI score0.00249EPSS
Exploits0References3Affected Software1
Veracode
Veracode
added 2026/02/04 6:25 a.m.5 views

Cross-site Scripting (XSS)

dotnetnuke.core is vulnerable to cross-site scripting XSS. The vulnerability is due to module titles supporting rich text input without proper script sanitization, which allows an attacker to inject and execute malicious scripts in certain scenarios...

9.1CVSS5AI score0.00188EPSS
Exploits0References4Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/02/04 12:0 a.m.4 views

Dotnetnuke 9.0.x < 9.13.10 / 10.0.x < 10.02.00 Potential XSS vulnerability in modules' header and footer (CVE-2026-24784)

According to its self-reported version, the instance of Dotnetnuke running on the remote web server is 9.0.x prior to 9.13.10 or 10.0.x prior to 10.02.00. It is, therefore, affected by a vulnerability. - DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsof...

6.8CVSS5.4AI score0.0016EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/02/04 12:0 a.m.5 views

Dotnetnuke 9.0.x < 9.13.10 / 10.0.x < 10.02.00 Stored XSS in Scheduler LogNotes (CVE-2026-24836)

According to its self-reported version, the instance of Dotnetnuke running on the remote web server is 9.0.x prior to 9.13.10 or 10.0.x prior to 10.02.00. It is, therefore, affected by a vulnerability. - DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsof...

7.6CVSS5.5AI score0.00226EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/02/04 12:0 a.m.4 views

DNN DotNetNuke.Core < 9.13.10 / 10.0 < 10.2.0 XSS

According to its self-reported version, the instance of DNN formerly DotNetNuke running on the remote web server is prior to 9.13.10 and 10.2.0. It is, therefore, affected by a cross-site scripting vulnerability: - DNN formerly DotNetNuke is an open-source web content management platform CMS in t...

9.1CVSS5.2AI score0.00188EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/02/04 12:0 a.m.4 views

Dotnetnuke < 9.13.10 / 10.0.x < 10.02.00 Stored XSS in Module Description (CVE-2026-24833)

According to its self-reported version, the instance of Dotnetnuke running on the remote web server is prior to 9.13.10 or 10.0.x prior to 10.02.00. It is, therefore, affected by a vulnerability. - DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft...

7.6CVSS5.4AI score0.00174EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/02/04 12:0 a.m.4 views

Dotnetnuke 9.0.x < 9.13.10 / 10.0.x < 10.2.0 Stored XSS in Module Deletion Confirmation Modal (CVE-2026-24837)

According to its self-reported version, the instance of Dotnetnuke running on the remote web server is 9.0.x prior to 9.13.10 or 10.0.x prior to 10.2.0. It is, therefore, affected by a vulnerability. - DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft...

7.6CVSS5.4AI score0.00249EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/02/04 12:0 a.m.5 views

Dotnetnuke < 9.13.10 / 10.0.x < 10.02.00 Stored XSS via Module Title (CVE-2026-24838)

According to its self-reported version, the instance of Dotnetnuke running on the remote web server is prior to 9.13.10 or 10.0.x prior to 10.02.00. It is, therefore, affected by a vulnerability. - DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft...

9.1CVSS5.9AI score0.00188EPSS
Exploits0References2
NVD
NVD
added 2026/02/03 6:16 p.m.8 views

CVE-2020-37103

DotNetNuke 9.5 contains a persistent cross-site scripting vulnerability that allows normal users to upload malicious XML files with executable scripts through journal tools. Attackers can upload XML files with XHTML namespace scripts to execute arbitrary JavaScript in users' browsers, potentially...

6.4CVSS0.00291EPSS
Exploits1References4
OSV
OSV
added 2026/02/03 6:16 p.m.8 views

CVE-2020-37103

DotNetNuke 9.5 contains a persistent cross-site scripting vulnerability that allows normal users to upload malicious XML files with executable scripts through journal tools. Attackers can upload XML files with XHTML namespace scripts to execute arbitrary JavaScript in users' browsers, potentially...

5.4CVSS5.6AI score
Exploits0References4
Cvelist
Cvelist
added 2026/02/03 4:52 p.m.93 views

CVE-2020-37103 DotNetNuke 9.5 - Persistent Cross-Site Scripting

DotNetNuke 9.5 contains a persistent cross-site scripting vulnerability that allows normal users to upload malicious XML files with executable scripts through journal tools. Attackers can upload XML files with XHTML namespace scripts to execute arbitrary JavaScript in users' browsers, potentially...

6.4CVSS0.00291EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/02/03 4:52 p.m.5 views

CVE-2020-37103 DotNetNuke 9.5 - Persistent Cross-Site Scripting

DotNetNuke 9.5 contains a persistent cross-site scripting vulnerability that allows normal users to upload malicious XML files with executable scripts through journal tools. Attackers can upload XML files with XHTML namespace scripts to execute arbitrary JavaScript in users' browsers, potentially...

6.4CVSS5.4AI score0.00291EPSS
Exploits1References4
EUVD
EUVD
added 2026/02/03 4:52 p.m.10 views

EUVD-2020-30988

DotNetNuke 9.5 contains a persistent cross-site scripting vulnerability that allows normal users to upload malicious XML files with executable scripts through journal tools. Attackers can upload XML files with XHTML namespace scripts to execute arbitrary JavaScript in users' browsers, potentially...

6.4CVSS5.4AI score0.00291EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/02/03 4:52 p.m.5 views

CVE-2020-37103

DotNetNuke 9.5 contains a persistent cross-site scripting vulnerability that allows normal users to upload malicious XML files with executable scripts through journal tools. Attackers can upload XML files with XHTML namespace scripts to execute arbitrary JavaScript in users' browsers, potentially...

6.4CVSS5.4AI score0.00291EPSS
Exploits1References4
Rows per page
Query Builder