Dotnetnuke Security Vulnerabilities and Issues — Dotnetnuke CVE List

Lucene search

DnnsoftwareDotnetnuke

6 matches found

CVE•added 2019/07/03 5:15 p.m.•1107 views

CVE-2018-15811

DNN (aka DotNetNuke) 9.2 through 9.2.1 uses a weak encryption algorithm to protect input parameters.

7.5CVSS7.3AI score0.75191EPSS

In wild

CVE•added 2019/07/03 5:15 p.m.•1085 views

CVE-2018-18325

DNN (aka DotNetNuke) 9.2 through 9.2.2 uses a weak encryption algorithm to protect input parameters. NOTE: this issue exists because of an incomplete fix for CVE-2018-15811.

7.5CVSS7.5AI score0.76118EPSS

In wild

CVE•added 2019/07/03 5:15 p.m.•261 views

CVE-2018-15812

DNN (aka DotNetNuke) 9.2 through 9.2.1 incorrectly converts encryption key source values, resulting in lower than expected entropy.

7.5CVSS7.4AI score0.82374EPSS

In wild

CVE•added 2019/09/26 8:15 p.m.•167 views

CVE-2019-12562

Stored Cross-Site Scripting in DotNetNuke (DNN) Version before 9.4.0 allows remote attackers to store and embed the malicious script into the admin notification page. The exploit could be used to perfom any action with admin privileges such as managing content, adding users, uploading backdoors to ...

6.1CVSS5.7AI score0.38668EPSS

Web

CVE•added 2019/07/03 5:15 p.m.•147 views

CVE-2018-18326

DNN (aka DotNetNuke) 9.2 through 9.2.2 incorrectly converts encryption key source values, resulting in lower than expected entropy. NOTE: this issue exists because of an incomplete fix for CVE-2018-15812.

7.5CVSS7.6AI score0.82374EPSS

CVE•added 2019/03/21 4:0 p.m.•38 views

CVE-2018-14486

DNN (formerly DotNetNuke) 9.1.1 allows cross-site scripting (XSS) via XML.

6.1CVSS6AI score0.00479EPSS