Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Dnnsoftware Subscribe
Filtered by product Dotnetnuke

CVSS v3 Filter

ALL
NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 8 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-40186 1 Dnnsoftware 1 Dotnetnuke 2022-06-09 5.0 MEDIUM 7.5 HIGH
The AppCheck research team identified a Server-Side Request Forgery (SSRF) vulnerability within the DNN CMS platform, formerly known as DotNetNuke. SSRF vulnerabilities allow the attacker to exploit the target system to make network requests on their behalf, allowing a range of possible attacks. In the most common scenario, the attacker exploits SSRF vulnerabilities to attack systems behind the firewall and access sensitive information from Cloud Provider metadata services.
CVE-2018-15812 1 Dnnsoftware 1 Dotnetnuke 2020-08-24 5.0 MEDIUM 7.5 HIGH
DNN (aka DotNetNuke) 9.2 through 9.2.1 incorrectly converts encryption key source values, resulting in lower than expected entropy.
CVE-2018-18326 1 Dnnsoftware 1 Dotnetnuke 2020-08-24 5.0 MEDIUM 7.5 HIGH
DNN (aka DotNetNuke) 9.2 through 9.2.2 incorrectly converts encryption key source values, resulting in lower than expected entropy. NOTE: this issue exists because of an incomplete fix for CVE-2018-15812.
CVE-2018-18325 1 Dnnsoftware 1 Dotnetnuke 2020-04-03 5.0 MEDIUM 7.5 HIGH
DNN (aka DotNetNuke) 9.2 through 9.2.2 uses a weak encryption algorithm to protect input parameters. NOTE: this issue exists because of an incomplete fix for CVE-2018-15811.
CVE-2017-9822 1 Dnnsoftware 1 Dotnetnuke 2020-04-03 6.5 MEDIUM 8.8 HIGH
DNN (aka DotNetNuke) before 9.1.1 has Remote Code Execution via a cookie, aka "2017-08 (Critical) Possible remote code execution on DNN sites."
CVE-2018-15811 1 Dnnsoftware 1 Dotnetnuke 2020-04-03 5.0 MEDIUM 7.5 HIGH
DNN (aka DotNetNuke) 9.2 through 9.2.1 uses a weak encryption algorithm to protect input parameters.
CVE-2020-5187 1 Dnnsoftware 1 Dotnetnuke 2020-02-24 6.5 MEDIUM 8.8 HIGH
DNN (formerly DotNetNuke) through 9.4.4 allows Path Traversal (issue 2 of 2).
CVE-2017-0929 1 Dnnsoftware 1 Dotnetnuke 2018-09-04 5.0 MEDIUM 7.5 HIGH
DNN (aka DotNetNuke) before 9.2.0 suffers from a Server-Side Request Forgery (SSRF) vulnerability in the DnnImageHandler class. Attackers may be able to access information about internal network resources.