Dnnsoftware

Dotnetnuke

45 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.1

CVE-2025-59548

  • EPSS 0.02%
  • Veröffentlicht 23.09.2025 18:15:39
  • Zuletzt bearbeitet 29.09.2025 12:58:02

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.1.0, specially crafted URLs to the FileBrowser are vulnerable to javascript injection, affecting any unsuspecting user c...

4.8

CVE-2025-59546

  • EPSS 0.02%
  • Veröffentlicht 23.09.2025 18:15:39
  • Zuletzt bearbeitet 29.09.2025 12:56:28

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.1.0, administrators and content editors can set html in module titles that could include javascript which could be used ...

5.3

CVE-2025-59547

  • EPSS 0.07%
  • Veröffentlicht 23.09.2025 18:15:39
  • Zuletzt bearbeitet 29.09.2025 12:57:09

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.1.0, the CKEditor file upload endpoint has insufficient sanitization for filenames allowing probing network endpoints. A...

9

CVE-2025-59545

  • EPSS 0.04%
  • Veröffentlicht 23.09.2025 18:15:38
  • Zuletzt bearbeitet 29.09.2025 12:56:04

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.1.0, the Prompt module allows execution of commands that can return raw HTML. Malicious input, even if sanitized for dis...

5.4

CVE-2025-59539

  • EPSS 0.03%
  • Veröffentlicht 23.09.2025 18:15:38
  • Zuletzt bearbeitet 29.09.2025 12:42:58

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.1.0, when embedding information in the Biography field, even if that field is not rich-text, users could inject javascri...

6.5

CVE-2025-59535

  • EPSS 0.1%
  • Veröffentlicht 22.09.2025 21:16:00
  • Zuletzt bearbeitet 29.09.2025 12:53:14

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.1.0, arbitrary themes can be loaded through query parameters. If an installed theme had a vulnerability, even if it was ...

8.6

CVE-2025-52488

  • EPSS 16.45%
  • Veröffentlicht 21.06.2025 02:51:25
  • Zuletzt bearbeitet 15.09.2025 15:21:56

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. In versions 6.0.0 to before 10.0.1, DNN.PLATFORM allows a specially crafted series of malicious interaction to potentially expose NTLM hashe...

7.5

CVE-2025-52487

  • EPSS 0.06%
  • Veröffentlicht 21.06.2025 02:44:58
  • Zuletzt bearbeitet 15.09.2025 15:30:48

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. In versions 7.0.0 to before 10.0.1, DNN.PLATFORM allows a specially crafted request or proxy to be created that could bypass the design of D...

6.1

CVE-2025-52486

  • EPSS 0.03%
  • Veröffentlicht 21.06.2025 02:42:47
  • Zuletzt bearbeitet 15.09.2025 15:40:46

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. In versions 6.0.0 to before 10.0.1, DNN.PLATFORM allows specially crafted content in URLs to be used with TokenReplace and not be properly s...

5.4

CVE-2025-52485

  • EPSS 0.03%
  • Veröffentlicht 21.06.2025 02:40:38
  • Zuletzt bearbeitet 15.09.2025 15:41:56

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. In versions 6.0.0 to before 10.0.1, DNN.PLATFORM allows a specially crafted request to inject scripts in the Activity Feed Attachments endpo...