Dotnetnuke Security Vulnerabilities and Issues — Dotnetnuke CVE List

Lucene search

DnnsoftwareDotnetnuke

6 matches found

CVE•added 2019/07/03 5:15 p.m.•1088 views

CVE-2018-15811

DNN (aka DotNetNuke) 9.2 through 9.2.1 uses a weak encryption algorithm to protect input parameters.

7.5CVSS7.3AI score0.75191EPSS

CVE•added 2019/07/03 5:15 p.m.•1067 views

CVE-2018-18325

DNN (aka DotNetNuke) 9.2 through 9.2.2 uses a weak encryption algorithm to protect input parameters. NOTE: this issue exists because of an incomplete fix for CVE-2018-15811.

7.5CVSS7.5AI score0.76118EPSS

CVE•added 2019/07/03 5:15 p.m.•244 views

CVE-2018-15812

DNN (aka DotNetNuke) 9.2 through 9.2.1 incorrectly converts encryption key source values, resulting in lower than expected entropy.

7.5CVSS7.4AI score0.82374EPSS

CVE•added 2019/07/03 5:15 p.m.•146 views

CVE-2018-18326

DNN (aka DotNetNuke) 9.2 through 9.2.2 incorrectly converts encryption key source values, resulting in lower than expected entropy. NOTE: this issue exists because of an incomplete fix for CVE-2018-15812.

7.5CVSS7.6AI score0.82374EPSS

CVE•added 2018/07/03 9:29 p.m.•112 views

CVE-2017-0929

DNN (aka DotNetNuke) before 9.2.0 suffers from a Server-Side Request Forgery (SSRF) vulnerability in the DnnImageHandler class. Attackers may be able to access information about internal network resources.

7.5CVSS7.2AI score0.90944EPSS

CVE•added 2022/06/02 2:15 p.m.•61 views

CVE-2021-40186

The AppCheck research team identified a Server-Side Request Forgery (SSRF) vulnerability within the DNN CMS platform, formerly known as DotNetNuke. SSRF vulnerabilities allow the attacker to exploit the target system to make network requests on their behalf, allowing a range of possible attacks. In...

7.5CVSS7.1AI score0.00295EPSS