Known Vulnerabilities for products from Dnnsoftware
Listed below are 16 of the newest known vulnerabilities associated with the vendor "Dnnsoftware".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2022-47053 json | An arbitrary file upload vulnerability in the Digital Assets Manager module of DNN Corp DotNetNuke v7.0.0 to v9.10.2 allows a... | 5.4 - MEDIUM | 2023-04-12 | 2023-04-19 |
| CVE-2022-2922 json | Relative Path Traversal in GitHub repository dnnsoftware/dnn.platform prior to 9.11.0. | 4.9 - MEDIUM | 2022-09-30 | 2022-10-04 |
| CVE-2021-40186 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 7.5 - HIGH | 2022-06-02 | 2022-06-09 |
| CVE-2021-31858 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 5.4 - MEDIUM | 2022-07-20 | 2022-07-26 |
| CVE-2020-11585 json | There is an information disclosure issue in DNN (formerly DotNetNuke) 9.5 within the built-in Activity-Feed/Messaging/Userid/... | 4.3 - MEDIUM | 2020-04-06 | 2021-07-21 |
| CVE-2020-5188 json | DNN (formerly DotNetNuke) through 9.4.4 has Insecure Permissions. | 6.5 - MEDIUM | 2020-02-24 | 2023-11-07 |
| CVE-2020-5187 json | DNN (formerly DotNetNuke) through 9.4.4 allows Path Traversal (issue 2 of 2). | 8.8 - HIGH | 2020-02-24 | 2023-11-07 |
| CVE-2020-5186 json | DNN (formerly DotNetNuke) through 9.4.4 allows XSS (issue 1 of 2). | 5.4 - MEDIUM | 2020-02-24 | 2023-11-07 |
| CVE-2019-12562 json | Stored Cross-Site Scripting in DotNetNuke (DNN) Version before 9.4.0 allows remote attackers to store and embed the malicious... | 6.1 - MEDIUM | 2019-09-26 | 2019-10-01 |
| CVE-2018-18326 json | DNN (aka DotNetNuke) 9.2 through 9.2.2 incorrectly converts encryption key source values, resulting in lower than expected en... | 7.5 - HIGH | 2019-07-03 | 2023-03-03 |
| CVE-2018-18325 json | DNN (aka DotNetNuke) 9.2 through 9.2.2 uses a weak encryption algorithm to protect input parameters. NOTE: this issue exists ... | 7.5 - HIGH | 2019-07-03 | 2023-03-03 |
| CVE-2018-15812 json | DNN (aka DotNetNuke) 9.2 through 9.2.1 incorrectly converts encryption key source values, resulting in lower than expected en... | 7.5 - HIGH | 2019-07-03 | 2023-03-03 |
| CVE-2018-15811 json | DNN (aka DotNetNuke) 9.2 through 9.2.1 uses a weak encryption algorithm to protect input parameters. | 7.5 - HIGH | 2019-07-03 | 2023-03-03 |
| CVE-2018-14486 json | DNN (formerly DotNetNuke) 9.1.1 allows cross-site scripting (XSS) via XML. | 6.1 - MEDIUM | 2019-03-21 | 2019-03-22 |
| CVE-2017-9822 json | DNN (aka DotNetNuke) before 9.1.1 has Remote Code Execution via a cookie, aka "2017-08 (Critical) Possible remote code execut... | 8.8 - HIGH | 2017-07-20 | 2020-04-03 |
| CVE-2017-0929 json | DNN (aka DotNetNuke) before 9.2.0 suffers from a Server-Side Request Forgery (SSRF) vulnerability in the DnnImageHandler clas... | 7.5 - HIGH | 2018-07-03 | 2018-09-04 |
Known software with vulnerabilities from Dnnsoftware
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Dnnsoftware | Dotnetnuke | 7.1.2.164 |