Dnnsoftware

Dotnetnuke

45 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.4

CVE-2020-37103

Exploit
  • EPSS 0.05%
  • Veröffentlicht 03.02.2026 16:52:42
  • Zuletzt bearbeitet 09.02.2026 22:10:18

DotNetNuke 9.5 contains a persistent cross-site scripting vulnerability that allows normal users to upload malicious XML files with executable scripts through journal tools. Attackers can upload XML files with XHTML namespace scripts to execute arbit...

5.4

CVE-2026-24838

  • EPSS 0.04%
  • Veröffentlicht 27.01.2026 23:58:33
  • Zuletzt bearbeitet 04.02.2026 20:10:41

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to versions 9.13.10 and 10.2.0, module title supports richtext which could include scripts that would execute in certain scenarios. V...

5.4

CVE-2026-24837

  • EPSS 0.01%
  • Veröffentlicht 27.01.2026 23:53:23
  • Zuletzt bearbeitet 04.02.2026 20:11:09

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Starting in version 9.0.0 and prior to versions 9.13.10 and 10.2.0, a module friendly name could include scripts that will run during some m...

5.4

CVE-2026-24836

  • EPSS 0.01%
  • Veröffentlicht 27.01.2026 23:51:27
  • Zuletzt bearbeitet 04.02.2026 20:11:52

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Starting in version 9.0.0 and prior to versions 9.13.10 and 10.2.0, extensions could write richtext in log notes which can include scripts t...

5.4

CVE-2026-24833

  • EPSS 0.04%
  • Veröffentlicht 27.01.2026 23:49:25
  • Zuletzt bearbeitet 04.02.2026 20:12:35

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to versions 9.13.10 and 10.2.0, a module could install with richtext in its description field which could contain scripts that will ru...

4.8

CVE-2026-24784

  • EPSS 0.04%
  • Veröffentlicht 27.01.2026 23:47:41
  • Zuletzt bearbeitet 04.02.2026 20:13:46

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Starting in version 9.0.0 and prior to versions 9.13.10 and 10.2.0, a content editor could inject scripts in module headers/footers that wou...

9.8

CVE-2025-64095

  • EPSS 15.22%
  • Veröffentlicht 28.10.2025 21:46:11
  • Zuletzt bearbeitet 03.11.2025 19:39:58

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to 10.1.1, the default HTML editor provider allows unauthenticated file uploads and images can overwrite existing files. An unauthenti...

5.4

CVE-2025-64094

  • EPSS 0.05%
  • Veröffentlicht 28.10.2025 21:44:31
  • Zuletzt bearbeitet 03.11.2025 19:38:46

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to 10.1.1, sanitization of the content of uploaded SVG files was not covering all possible XSS scenarios. This vulnerability exists b...

4.3

CVE-2025-62802

  • EPSS 0.15%
  • Veröffentlicht 28.10.2025 21:42:07
  • Zuletzt bearbeitet 03.11.2025 19:38:00

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to 10.1.1, the out-of-box experience for HTML editing allows unauthenticated users to upload files. This opens a potential vector to o...

6.1

CVE-2025-59821

  • EPSS 0.03%
  • Veröffentlicht 23.09.2025 18:15:41
  • Zuletzt bearbeitet 29.09.2025 12:58:27

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.1.0, DNN’s URL/path handling and template rendering can allow specially crafted input to be reflected into a user profil...