Dnnsoftware

Dotnetnuke

76 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2015-1566

  • EPSS 1.75%
  • Veröffentlicht 09.02.2015 17:59:10
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Cross-site scripting (XSS) vulnerability in DotNetNuke (DNN) before 7.4.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3

CVE-2013-7335

  • EPSS 1.18%
  • Veröffentlicht 12.03.2014 14:55:30
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Open redirect vulnerability in DotNetNuke (DNN) before 6.2.9 and 7.x before 7.1.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

4.3

CVE-2013-4649

Exploit
  • EPSS 2.46%
  • Veröffentlicht 12.03.2014 14:55:30
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Cross-site scripting (XSS) vulnerability in DotNetNuke (DNN) before 6.2.9 and 7.x before 7.1.1 allows remote attackers to inject arbitrary web script or HTML via the __dnnVariable parameter to the default URI.

3.5

CVE-2013-3943

  • EPSS 0.94%
  • Veröffentlicht 12.03.2014 14:55:30
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Cross-site scripting (XSS) vulnerability in DotNetNuke (DNN) before 6.2.9 and 7.x before 7.1.1 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to the Display Name field in the Manage Profile.

4.3

CVE-2012-1036

  • EPSS 0.94%
  • Veröffentlicht 11.04.2012 10:39:26
  • Zuletzt bearbeitet 16.06.2026 23:38:52

Cross-site scripting (XSS) vulnerability in the telerik HTML editor in DotNetNuke before 5.6.4 and 6.x before 6.1.0 allows remote attackers to inject arbitrary web script or HTML via a message.

4.3

CVE-2012-1030

  • EPSS 0.94%
  • Veröffentlicht 11.04.2012 10:39:26
  • Zuletzt bearbeitet 16.06.2026 23:38:52

Cross-site scripting (XSS) vulnerability in DotNetNuke 6.x through 6.0.2 allows user-assisted remote attackers to inject arbitrary web script or HTML via a crafted URL containing text that is used within a modal popup.

4.3

CVE-2010-4514

Exploit
  • EPSS 1.54%
  • Veröffentlicht 09.12.2010 21:00:01
  • Zuletzt bearbeitet 16.06.2026 23:24:57

Cross-site scripting (XSS) vulnerability in Install/InstallWizard.aspx in DotNetNuke 5.05.01 and 5.06.00 allows remote attackers to inject arbitrary web script or HTML via the __VIEWSTATE parameter. NOTE: some of these details are obtained from thir...

4.3

CVE-2009-4110

  • EPSS 1.66%
  • Veröffentlicht 29.11.2009 13:08:29
  • Zuletzt bearbeitet 16.06.2026 23:13:03

Cross-site scripting (XSS) vulnerability in the search functionality in DotNetNuke 4.8 through 5.1.4 allows remote attackers to inject arbitrary web script or HTML via search terms that are not properly filtered before display in a custom results pag...

5

CVE-2009-4109

  • EPSS 1.23%
  • Veröffentlicht 29.11.2009 13:08:29
  • Zuletzt bearbeitet 16.06.2026 23:13:03

The install wizard in DotNetNuke 4.0 through 5.1.4 does not prevent anonymous users from accessing functionality related to determination of the need for an upgrade, which allows remote attackers to access version information and possibly other sensi...

7.5

CVE-2008-7102

  • EPSS 1.41%
  • Veröffentlicht 27.08.2009 20:30:00
  • Zuletzt bearbeitet 16.06.2026 23:03:36

DotNetNuke 2.0 through 4.8.4 allows remote attackers to load .ascx files instead of skin files, and possibly access privileged functionality, via unknown vectors related to parameter validation.