13 matches found
CVE-2013-7335
CVE-2013-7335 describes an open redirect vulnerability in DotNetNuke (DNN) prior to 6.2.9 and in 7.x prior to 7.1.1. The issue allows remote attackers to redirect users to arbitrary sites and potentially conduct phishing via unspecified vectors. Affected product is DotNetNuke (DNN); the root caus...
CVE-2008-6732
CVE-2008-6732 describes a cross-site scripting (XSS) vulnerability in the Language skin object of DotNetNuke prior to 4.8.4. The issue allows remote attackers to inject arbitrary web script or HTML via newly generated paths. Affected product: DotNetNuke (Skin Language object); vulnerability type:...
CVE-2013-4649
DotNetNuke (DNN) is affected by a cross-site scripting (XSS) vulnerability (CVE-2013-4649) in which user input to the __dnnVariable parameter on the default URI is not sanitized. Affected versions are DNN before 6.2.9 and 7.x before 7.1.1, enabling remote attackers to inject arbitrary script/HTML...
CVE-2009-4109
Affected software: DotNetNuke 4.0 through 5.1.4. Vulnerability: The install wizard does not prevent anonymous users from accessing upgrade-determination functionality, allowing remote attackers to access version information and possibly other sensitive data. Root cause / mechanism: Information di...
CVE-2008-7102
DotNetNuke 2.0–4.8.4 is affected by a skin-file security bypass vulnerability that lets remote attackers load .ascx files instead of skin files due to parameter-validation issues. Affected component: skin file handling; root cause: parameter validation weakness. Impact per sources: potential acce...
CVE-2006-4973
DotNetNuke (Perpetual Motion Interactive Systems) has a reflected XSS vulnerability in Default.aspx: versions prior to 3.3.5 and 4.x prior to 4.3.5 allow remote attackers to inject arbitrary HTML via the error parameter. Affected software is DotNetNuke under Perpetual Motion Interactive Systems. ...
CVE-2008-6540
DotNetNuke prior to 4.8.2 stores default ValidationKey and DecryptionKey in web.config during installation or upgrade. This weak configuration allows remote attackers to bypass access restrictions by using the default keys. Impact: potential authentication/authorization bypass. Mitigation: upgrad...
CVE-2008-7101
DotNetNuke versions 4.0–4.8.4 and 5.0 are affected by an information disclosure vulnerability in the Install Wizard, allowing remote attackers to obtain the portal number via access to the wizard page. Root cause is unspecified in the sources, but the issue is categorized as a remote information ...
CVE-2008-6644
CVE-2008-6644 is an XSS vulnerability in DotNetNuke’s Default.aspx (affecting 4.8.3 and earlier) that allows remote attackers to inject arbitrary script/HTML via the PATH_INFO. The affected component is DotNetNuke web UI, with the root cause being improper handling of PATH_INFO leading to script ...
CVE-2009-1366
CVE-2009-1366 corresponds to a Cross-site Scripting (XSS) vulnerability in DotNetNuke (DNN) prior to 4.9.3, specifically in Website\admin\Sales\paypalipn.aspx. The issue allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to name/value pairs and PayPal I...
CVE-2013-3943
CVE-2013-3943 (DotNetNuke/DNN) — XSS in Display Name field . Affected: DNN versions before 6.2.9 and 7.x before 7.1.1. Description: remote authenticated users can inject arbitrary script/HTML via the Display Name in Manage Profile, indicating a persistent XSS vulnerability. Connection details fro...
CVE-2008-6542
CVE-2008-6542 affects DotNetNuke’s Skin Manager prior to 4.8.2. The vulnerability allows a remote authenticated administrator to trigger server-side execution of application logic by uploading a static file that is converted into a dynamic script via unknown vectors related to HTM/HTML files. The...
CVE-2008-6541
The CVE-2008-6541 entry describes an unrestricted file upload vulnerability in the DotNetNuke file manager module prior to version 4.8.2. Remote administrators could upload arbitrary files and gain server privileges via unspecified vectors. Affected product: DotNetNuke, component: file manager mo...