Lucene search
K
DnnsoftwareDotnetnuke4.0

13 matches found

CVE
CVE
added 2014/03/12 2:0 p.m.70 views

CVE-2013-7335

CVE-2013-7335 describes an open redirect vulnerability in DotNetNuke (DNN) prior to 6.2.9 and in 7.x prior to 7.1.1. The issue allows remote attackers to redirect users to arbitrary sites and potentially conduct phishing via unspecified vectors. Affected product is DotNetNuke (DNN); the root caus...

4.3CVSS6.7AI score0.01177EPSS
CVE
CVE
added 2009/04/21 6:7 p.m.68 views

CVE-2008-6732

CVE-2008-6732 describes a cross-site scripting (XSS) vulnerability in the Language skin object of DotNetNuke prior to 4.8.4. The issue allows remote attackers to inject arbitrary web script or HTML via newly generated paths. Affected product: DotNetNuke (Skin Language object); vulnerability type:...

4.3CVSS5.9AI score0.01074EPSS
CVE
CVE
added 2014/03/12 2:0 p.m.68 views

CVE-2013-4649

DotNetNuke (DNN) is affected by a cross-site scripting (XSS) vulnerability (CVE-2013-4649) in which user input to the __dnnVariable parameter on the default URI is not sanitized. Affected versions are DNN before 6.2.9 and 7.x before 7.1.1, enabling remote attackers to inject arbitrary script/HTML...

4.3CVSS5.7AI score0.02456EPSS
CVE
CVE
added 2009/11/28 11:0 a.m.63 views

CVE-2009-4109

Affected software: DotNetNuke 4.0 through 5.1.4. Vulnerability: The install wizard does not prevent anonymous users from accessing upgrade-determination functionality, allowing remote attackers to access version information and possibly other sensitive data. Root cause / mechanism: Information di...

5CVSS6.5AI score0.01229EPSS
CVE
CVE
added 2009/08/27 8:0 p.m.61 views

CVE-2008-7102

DotNetNuke 2.0–4.8.4 is affected by a skin-file security bypass vulnerability that lets remote attackers load .ascx files instead of skin files due to parameter-validation issues. Affected component: skin file handling; root cause: parameter validation weakness. Impact per sources: potential acce...

7.5CVSS6.9AI score0.01413EPSS
CVE
CVE
added 2006/09/25 1:0 a.m.60 views

CVE-2006-4973

DotNetNuke (Perpetual Motion Interactive Systems) has a reflected XSS vulnerability in Default.aspx: versions prior to 3.3.5 and 4.x prior to 4.3.5 allow remote attackers to inject arbitrary HTML via the error parameter. Affected software is DotNetNuke under Perpetual Motion Interactive Systems. ...

4.3CVSS6AI score0.01902EPSS
CVE
CVE
added 2009/03/30 1:0 a.m.56 views

CVE-2008-6540

DotNetNuke prior to 4.8.2 stores default ValidationKey and DecryptionKey in web.config during installation or upgrade. This weak configuration allows remote attackers to bypass access restrictions by using the default keys. Impact: potential authentication/authorization bypass. Mitigation: upgrad...

5.1CVSS6.9AI score0.02495EPSS
CVE
CVE
added 2009/08/27 8:0 p.m.54 views

CVE-2008-7101

DotNetNuke versions 4.0–4.8.4 and 5.0 are affected by an information disclosure vulnerability in the Install Wizard, allowing remote attackers to obtain the portal number via access to the wizard page. Root cause is unspecified in the sources, but the issue is categorized as a remote information ...

5CVSS6.3AI score0.01267EPSS
CVE
CVE
added 2009/04/07 10:0 a.m.52 views

CVE-2008-6644

CVE-2008-6644 is an XSS vulnerability in DotNetNuke’s Default.aspx (affecting 4.8.3 and earlier) that allows remote attackers to inject arbitrary script/HTML via the PATH_INFO. The affected component is DotNetNuke web UI, with the root cause being improper handling of PATH_INFO leading to script ...

4.3CVSS5.9AI score0.01523EPSS
CVE
CVE
added 2009/04/22 9:0 p.m.52 views

CVE-2009-1366

CVE-2009-1366 corresponds to a Cross-site Scripting (XSS) vulnerability in DotNetNuke (DNN) prior to 4.9.3, specifically in Website\admin\Sales\paypalipn.aspx. The issue allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to name/value pairs and PayPal I...

4.3CVSS5.8AI score0.0103EPSS
CVE
CVE
added 2014/03/12 2:0 p.m.52 views

CVE-2013-3943

CVE-2013-3943 (DotNetNuke/DNN) — XSS in Display Name field . Affected: DNN versions before 6.2.9 and 7.x before 7.1.1. Description: remote authenticated users can inject arbitrary script/HTML via the Display Name in Manage Profile, indicating a persistent XSS vulnerability. Connection details fro...

3.5CVSS5.3AI score0.00944EPSS
CVE
CVE
added 2009/03/30 1:0 a.m.50 views

CVE-2008-6542

CVE-2008-6542 affects DotNetNuke’s Skin Manager prior to 4.8.2. The vulnerability allows a remote authenticated administrator to trigger server-side execution of application logic by uploading a static file that is converted into a dynamic script via unknown vectors related to HTM/HTML files. The...

4.6CVSS6.3AI score0.01606EPSS
CVE
CVE
added 2009/03/30 1:0 a.m.49 views

CVE-2008-6541

The CVE-2008-6541 entry describes an unrestricted file upload vulnerability in the DotNetNuke file manager module prior to version 4.8.2. Remote administrators could upload arbitrary files and gain server privileges via unspecified vectors. Affected product: DotNetNuke, component: file manager mo...

6.8CVSS7.2AI score0.01006EPSS