13 matches found
CVE-2013-7335
CVE-2013-7335 describes an open redirect vulnerability in DotNetNuke (DNN) prior to 6.2.9 and in 7.x prior to 7.1.1. The issue allows remote attackers to redirect users to arbitrary sites and potentially conduct phishing via unspecified vectors. Affected product is DotNetNuke (DNN); the root caus...
CVE-2008-6732
CVE-2008-6732 describes a cross-site scripting (XSS) vulnerability in the Language skin object of DotNetNuke prior to 4.8.4. The issue allows remote attackers to inject arbitrary web script or HTML via newly generated paths. Affected product: DotNetNuke (Skin Language object); vulnerability type:...
CVE-2009-4110
The CVE-2009-4110 entry applies to DotNetNuke (DNN) 4.8.x through 5.1.4, where the Search functionality in SearchResults.aspx is vulnerable to cross-site scripting (XSS) due to insufficient sanitization of the user-provided search terms before dynamic HTML output. The vulnerability is exploitable...
CVE-2013-4649
DotNetNuke (DNN) is affected by a cross-site scripting (XSS) vulnerability (CVE-2013-4649) in which user input to the __dnnVariable parameter on the default URI is not sanitized. Affected versions are DNN before 6.2.9 and 7.x before 7.1.1, enabling remote attackers to inject arbitrary script/HTML...
CVE-2009-4109
Affected software: DotNetNuke 4.0 through 5.1.4. Vulnerability: The install wizard does not prevent anonymous users from accessing upgrade-determination functionality, allowing remote attackers to access version information and possibly other sensitive data. Root cause / mechanism: Information di...
CVE-2008-7102
DotNetNuke 2.0–4.8.4 is affected by a skin-file security bypass vulnerability that lets remote attackers load .ascx files instead of skin files due to parameter-validation issues. Affected component: skin file handling; root cause: parameter validation weakness. Impact per sources: potential acce...
CVE-2008-7101
DotNetNuke versions 4.0–4.8.4 and 5.0 are affected by an information disclosure vulnerability in the Install Wizard, allowing remote attackers to obtain the portal number via access to the wizard page. Root cause is unspecified in the sources, but the issue is categorized as a remote information ...
CVE-2008-6399
CVE-2008-6399 affects DotNetNuke versions 4.5.2 through 4.9, describing an unspecified vulnerability that allows remote attackers to add additional roles to their user account via unknown attack vectors. The available references confirm the vendor advisories but do not reveal the exact attack vec...
CVE-2009-1366
CVE-2009-1366 corresponds to a Cross-site Scripting (XSS) vulnerability in DotNetNuke (DNN) prior to 4.9.3, specifically in Website\admin\Sales\paypalipn.aspx. The issue allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to name/value pairs and PayPal I...
CVE-2013-3943
CVE-2013-3943 (DotNetNuke/DNN) — XSS in Display Name field . Affected: DNN versions before 6.2.9 and 7.x before 7.1.1. Description: remote authenticated users can inject arbitrary script/HTML via the Display Name in Manage Profile, indicating a persistent XSS vulnerability. Connection details fro...
CVE-2008-6644
CVE-2008-6644 is an XSS vulnerability in DotNetNuke’s Default.aspx (affecting 4.8.3 and earlier) that allows remote attackers to inject arbitrary script/HTML via the PATH_INFO. The affected component is DotNetNuke web UI, with the root cause being improper handling of PATH_INFO leading to script ...
CVE-2008-6733
The CVE-2008-6733 entry concerns a cross-site scripting (XSS) flaw in DotNetNuke versions 4.6.2–4.8.3, where the error handling page is vulnerable to script/HTML injection through a querystring parameter. The vulnerability arises on the error handling page and can be exploited remotely to inject ...
CVE-2008-7100
DotNetNuke 4.4.1 through 4.8.4 is affected by an identity authentication bypass vulnerability described as an authentication bypass in which a flawed handling of a per-user action identifier and improper validation of a user identity can allow remote authenticated users to gain privileges. The Op...