Dnnsoftware

Dotnetnuke

76 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8

CVE-2026-40321

  • EPSS 7.6%
  • Veröffentlicht 17.04.2026 21:10:33
  • Zuletzt bearbeitet 24.04.2026 14:41:30

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.2.2, a user could upload a specially crafted SVG file that could include scripts that can target both authenticated and ...

6.5

CVE-2026-40306

  • EPSS 0.18%
  • Veröffentlicht 17.04.2026 21:09:30
  • Zuletzt bearbeitet 24.04.2026 14:29:47

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. All new installations of DNN 10.x.x - 10.2.1 have the same Host GUID. This does not affect upgrades from 9.x.x. Version 10.2.2 patches the i...

4.3

CVE-2026-40305

  • EPSS 0.18%
  • Veröffentlicht 17.04.2026 21:06:09
  • Zuletzt bearbeitet 24.04.2026 14:40:43

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Starting in version 6.0.0 and prior to version 10.2.2, in the friends feature, a user could craft a request that would force the acceptance ...

5.4

CVE-2020-37103

Exploit
  • EPSS 0.29%
  • Veröffentlicht 03.02.2026 16:52:42
  • Zuletzt bearbeitet 09.02.2026 22:10:18

DotNetNuke 9.5 contains a persistent cross-site scripting vulnerability that allows normal users to upload malicious XML files with executable scripts through journal tools. Attackers can upload XML files with XHTML namespace scripts to execute arbit...

5.4

CVE-2026-24838

  • EPSS 0.19%
  • Veröffentlicht 27.01.2026 23:58:33
  • Zuletzt bearbeitet 04.02.2026 20:10:41

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to versions 9.13.10 and 10.2.0, module title supports richtext which could include scripts that would execute in certain scenarios. V...

5.4

CVE-2026-24837

  • EPSS 0.25%
  • Veröffentlicht 27.01.2026 23:53:23
  • Zuletzt bearbeitet 04.02.2026 20:11:09

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Starting in version 9.0.0 and prior to versions 9.13.10 and 10.2.0, a module friendly name could include scripts that will run during some m...

5.4

CVE-2026-24836

  • EPSS 0.23%
  • Veröffentlicht 27.01.2026 23:51:27
  • Zuletzt bearbeitet 04.02.2026 20:11:52

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Starting in version 9.0.0 and prior to versions 9.13.10 and 10.2.0, extensions could write richtext in log notes which can include scripts t...

5.4

CVE-2026-24833

  • EPSS 0.17%
  • Veröffentlicht 27.01.2026 23:49:25
  • Zuletzt bearbeitet 04.02.2026 20:12:35

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to versions 9.13.10 and 10.2.0, a module could install with richtext in its description field which could contain scripts that will ru...

4.8

CVE-2026-24784

  • EPSS 0.16%
  • Veröffentlicht 27.01.2026 23:47:41
  • Zuletzt bearbeitet 04.02.2026 20:13:46

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Starting in version 9.0.0 and prior to versions 9.13.10 and 10.2.0, a content editor could inject scripts in module headers/footers that wou...

9.8

CVE-2025-64095

  • EPSS 44.19%
  • Veröffentlicht 28.10.2025 21:46:11
  • Zuletzt bearbeitet 03.11.2025 19:39:58

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to 10.1.1, the default HTML editor provider allows unauthenticated file uploads and images can overwrite existing files. An unauthenti...