Dnnsoftware

Dotnetnuke

76 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.4

CVE-2025-64094

  • EPSS 0.16%
  • Veröffentlicht 28.10.2025 21:44:31
  • Zuletzt bearbeitet 03.11.2025 19:38:46

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to 10.1.1, sanitization of the content of uploaded SVG files was not covering all possible XSS scenarios. This vulnerability exists b...

4.3

CVE-2025-62802

  • EPSS 0.19%
  • Veröffentlicht 28.10.2025 21:42:07
  • Zuletzt bearbeitet 03.11.2025 19:38:00

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to 10.1.1, the out-of-box experience for HTML editing allows unauthenticated users to upload files. This opens a potential vector to o...

6.1

CVE-2025-59821

  • EPSS 0.2%
  • Veröffentlicht 23.09.2025 18:15:41
  • Zuletzt bearbeitet 29.09.2025 12:58:27

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.1.0, DNN’s URL/path handling and template rendering can allow specially crafted input to be reflected into a user profil...

6.1

CVE-2025-59548

  • EPSS 0.18%
  • Veröffentlicht 23.09.2025 18:15:39
  • Zuletzt bearbeitet 29.09.2025 12:58:02

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.1.0, specially crafted URLs to the FileBrowser are vulnerable to javascript injection, affecting any unsuspecting user c...

5.3

CVE-2025-59547

  • EPSS 0.25%
  • Veröffentlicht 23.09.2025 18:15:39
  • Zuletzt bearbeitet 29.09.2025 12:57:09

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.1.0, the CKEditor file upload endpoint has insufficient sanitization for filenames allowing probing network endpoints. A...

4.8

CVE-2025-59546

  • EPSS 0.17%
  • Veröffentlicht 23.09.2025 18:15:39
  • Zuletzt bearbeitet 29.09.2025 12:56:28

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.1.0, administrators and content editors can set html in module titles that could include javascript which could be used ...

9

CVE-2025-59545

  • EPSS 0.51%
  • Veröffentlicht 23.09.2025 18:15:38
  • Zuletzt bearbeitet 29.09.2025 12:56:04

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.1.0, the Prompt module allows execution of commands that can return raw HTML. Malicious input, even if sanitized for dis...

5.4

CVE-2025-59539

  • EPSS 0.17%
  • Veröffentlicht 23.09.2025 18:15:38
  • Zuletzt bearbeitet 29.09.2025 12:42:58

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.1.0, when embedding information in the Biography field, even if that field is not rich-text, users could inject javascri...

6.5

CVE-2025-59535

  • EPSS 0.32%
  • Veröffentlicht 22.09.2025 21:16:00
  • Zuletzt bearbeitet 29.09.2025 12:53:14

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.1.0, arbitrary themes can be loaded through query parameters. If an installed theme had a vulnerability, even if it was ...

8.6

CVE-2025-52488

  • EPSS 29.35%
  • Veröffentlicht 21.06.2025 02:51:25
  • Zuletzt bearbeitet 15.09.2025 15:21:56

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. In versions 6.0.0 to before 10.0.1, DNN.PLATFORM allows a specially crafted series of malicious interaction to potentially expose NTLM hashe...