Lucene search
K
DnnsoftwareDotnetnuke4.6.2

10 matches found

CVE
CVE
added 2014/03/12 2:0 p.m.70 views

CVE-2013-7335

CVE-2013-7335 describes an open redirect vulnerability in DotNetNuke (DNN) prior to 6.2.9 and in 7.x prior to 7.1.1. The issue allows remote attackers to redirect users to arbitrary sites and potentially conduct phishing via unspecified vectors. Affected product is DotNetNuke (DNN); the root caus...

4.3CVSS6.7AI score0.01177EPSS
CVE
CVE
added 2009/04/21 6:7 p.m.68 views

CVE-2008-6732

CVE-2008-6732 describes a cross-site scripting (XSS) vulnerability in the Language skin object of DotNetNuke prior to 4.8.4. The issue allows remote attackers to inject arbitrary web script or HTML via newly generated paths. Affected product: DotNetNuke (Skin Language object); vulnerability type:...

4.3CVSS5.9AI score0.01074EPSS
CVE
CVE
added 2014/03/12 2:0 p.m.68 views

CVE-2013-4649

DotNetNuke (DNN) is affected by a cross-site scripting (XSS) vulnerability (CVE-2013-4649) in which user input to the __dnnVariable parameter on the default URI is not sanitized. Affected versions are DNN before 6.2.9 and 7.x before 7.1.1, enabling remote attackers to inject arbitrary script/HTML...

4.3CVSS5.7AI score0.02456EPSS
Web
CVE
CVE
added 2009/11/28 11:0 a.m.63 views

CVE-2009-4109

Affected software: DotNetNuke 4.0 through 5.1.4. Vulnerability: The install wizard does not prevent anonymous users from accessing upgrade-determination functionality, allowing remote attackers to access version information and possibly other sensitive data. Root cause / mechanism: Information di...

5CVSS6.5AI score0.01229EPSS
CVE
CVE
added 2009/08/27 8:0 p.m.61 views

CVE-2008-7102

DotNetNuke 2.0–4.8.4 is affected by a skin-file security bypass vulnerability that lets remote attackers load .ascx files instead of skin files due to parameter-validation issues. Affected component: skin file handling; root cause: parameter validation weakness. Impact per sources: potential acce...

7.5CVSS6.9AI score0.01413EPSS
CVE
CVE
added 2009/08/27 8:0 p.m.54 views

CVE-2008-7101

DotNetNuke versions 4.0–4.8.4 and 5.0 are affected by an information disclosure vulnerability in the Install Wizard, allowing remote attackers to obtain the portal number via access to the wizard page. Root cause is unspecified in the sources, but the issue is categorized as a remote information ...

5CVSS6.3AI score0.01267EPSS
CVE
CVE
added 2009/04/22 9:0 p.m.52 views

CVE-2009-1366

CVE-2009-1366 corresponds to a Cross-site Scripting (XSS) vulnerability in DotNetNuke (DNN) prior to 4.9.3, specifically in Website\admin\Sales\paypalipn.aspx. The issue allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to name/value pairs and PayPal I...

4.3CVSS5.8AI score0.0103EPSS
Web
CVE
CVE
added 2014/03/12 2:0 p.m.52 views

CVE-2013-3943

CVE-2013-3943 (DotNetNuke/DNN) — XSS in Display Name field . Affected: DNN versions before 6.2.9 and 7.x before 7.1.1. Description: remote authenticated users can inject arbitrary script/HTML via the Display Name in Manage Profile, indicating a persistent XSS vulnerability. Connection details fro...

3.5CVSS5.3AI score0.00944EPSS
CVE
CVE
added 2009/04/21 6:7 p.m.48 views

CVE-2008-6733

The CVE-2008-6733 entry concerns a cross-site scripting (XSS) flaw in DotNetNuke versions 4.6.2–4.8.3, where the error handling page is vulnerable to script/HTML injection through a querystring parameter. The vulnerability arises on the error handling page and can be exploited remotely to inject ...

4.3CVSS5.9AI score0.01074EPSS
CVE
CVE
added 2009/08/27 8:0 p.m.45 views

CVE-2008-7100

DotNetNuke 4.4.1 through 4.8.4 is affected by an identity authentication bypass vulnerability described as an authentication bypass in which a flawed handling of a per-user action identifier and improper validation of a user identity can allow remote authenticated users to gain privileges. The Op...

6.5CVSS6.8AI score0.01216EPSS