754 matches found
Dotnetnuke < 10.2.2 Same HostGUID for all new installs (CVE-2026-40306)
According to its self-reported version, the instance of Dotnetnuke running on the remote web server is prior to 10.2.2. It is, therefore, affected by a vulnerability. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number...
Dotnetnuke 6.0.x < 10.2.2 Force Friend Request Acceptance (GHSA-fpj4-9qhx-5m6m)
According to its self-reported version, the instance of Dotnetnuke running on the remote web server is 6.0.x prior to 10.2.2. It is, therefore, affected by a vulnerability. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number...
Dotnetnuke 6.0.x < 10.2.2 Force Friend Request Acceptance (CVE-2026-40305)
According to its self-reported version, the instance of Dotnetnuke running on the remote web server is 6.0.x prior to 10.2.2. It is, therefore, affected by a vulnerability. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number...
Dotnetnuke < 10.2.2 Same HostGUID for all new installs (GHSA-2rhw-gw3f-477j)
According to its self-reported version, the instance of Dotnetnuke running on the remote web server is prior to 10.2.2. It is, therefore, affected by a vulnerability. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number...
Dotnetnuke < 10.2.2 Stored cross-site-scripting (XSS) via SVG upload (GHSA-ffq7-898w-9jc4)
According to its self-reported version, the instance of Dotnetnuke running on the remote web server is prior to 10.2.2. It is, therefore, affected by a vulnerability. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number...
DNN - Unrestricted Arbitrary File Upload
DNN formerly DotNetNuke \u003C 10.1.1 contains an unrestricted file upload vulnerability caused by the default HTML editor provider allowing unauthenticated file uploads and overwriting existing files, letting unauthenticated attackers deface websites and inject XSS payloads, exploit requires no...
Cross-Site Scripting (XSS)
dotnetnuke.core is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper input validation in module friendly names, which allows an attacker to inject and execute malicious scripts during certain module operations in the Persona Bar...
Cross-site Scripting (XSS)
dotnetnuke.core is vulnerable to cross-site scripting XSS. The vulnerability is due to module titles supporting rich text input without proper script sanitization, which allows an attacker to inject and execute malicious scripts in certain scenarios...
Dotnetnuke 9.0.x < 9.13.10 / 10.0.x < 10.02.00 Potential XSS vulnerability in modules' header and footer (CVE-2026-24784)
According to its self-reported version, the instance of Dotnetnuke running on the remote web server is 9.0.x prior to 9.13.10 or 10.0.x prior to 10.02.00. It is, therefore, affected by a vulnerability. - DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsof...
Dotnetnuke 9.0.x < 9.13.10 / 10.0.x < 10.02.00 Stored XSS in Scheduler LogNotes (CVE-2026-24836)
According to its self-reported version, the instance of Dotnetnuke running on the remote web server is 9.0.x prior to 9.13.10 or 10.0.x prior to 10.02.00. It is, therefore, affected by a vulnerability. - DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsof...
DNN DotNetNuke.Core < 9.13.10 / 10.0 < 10.2.0 XSS
According to its self-reported version, the instance of DNN formerly DotNetNuke running on the remote web server is prior to 9.13.10 and 10.2.0. It is, therefore, affected by a cross-site scripting vulnerability: - DNN formerly DotNetNuke is an open-source web content management platform CMS in t...
Dotnetnuke < 9.13.10 / 10.0.x < 10.02.00 Stored XSS in Module Description (CVE-2026-24833)
According to its self-reported version, the instance of Dotnetnuke running on the remote web server is prior to 9.13.10 or 10.0.x prior to 10.02.00. It is, therefore, affected by a vulnerability. - DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft...
Dotnetnuke 9.0.x < 9.13.10 / 10.0.x < 10.2.0 Stored XSS in Module Deletion Confirmation Modal (CVE-2026-24837)
According to its self-reported version, the instance of Dotnetnuke running on the remote web server is 9.0.x prior to 9.13.10 or 10.0.x prior to 10.2.0. It is, therefore, affected by a vulnerability. - DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft...
Dotnetnuke < 9.13.10 / 10.0.x < 10.02.00 Stored XSS via Module Title (CVE-2026-24838)
According to its self-reported version, the instance of Dotnetnuke running on the remote web server is prior to 9.13.10 or 10.0.x prior to 10.02.00. It is, therefore, affected by a vulnerability. - DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft...
CVE-2020-37103
DotNetNuke 9.5 contains a persistent cross-site scripting vulnerability that allows normal users to upload malicious XML files with executable scripts through journal tools. Attackers can upload XML files with XHTML namespace scripts to execute arbitrary JavaScript in users' browsers, potentially...
CVE-2020-37103
DotNetNuke 9.5 contains a persistent cross-site scripting vulnerability that allows normal users to upload malicious XML files with executable scripts through journal tools. Attackers can upload XML files with XHTML namespace scripts to execute arbitrary JavaScript in users' browsers, potentially...
CVE-2020-37103 DotNetNuke 9.5 - Persistent Cross-Site Scripting
DotNetNuke 9.5 contains a persistent cross-site scripting vulnerability that allows normal users to upload malicious XML files with executable scripts through journal tools. Attackers can upload XML files with XHTML namespace scripts to execute arbitrary JavaScript in users' browsers, potentially...
CVE-2020-37103 DotNetNuke 9.5 - Persistent Cross-Site Scripting
DotNetNuke 9.5 contains a persistent cross-site scripting vulnerability that allows normal users to upload malicious XML files with executable scripts through journal tools. Attackers can upload XML files with XHTML namespace scripts to execute arbitrary JavaScript in users' browsers, potentially...
EUVD-2020-30988
DotNetNuke 9.5 contains a persistent cross-site scripting vulnerability that allows normal users to upload malicious XML files with executable scripts through journal tools. Attackers can upload XML files with XHTML namespace scripts to execute arbitrary JavaScript in users' browsers, potentially...
CVE-2020-37103
DotNetNuke 9.5 contains a persistent cross-site scripting vulnerability that allows normal users to upload malicious XML files with executable scripts through journal tools. Attackers can upload XML files with XHTML namespace scripts to execute arbitrary JavaScript in users' browsers, potentially...