Filtered by vendor Dnnsoftware
Subscribe
Search
Total
6 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-31858 | 1 Dnnsoftware | 1 Dotnetnuke | 2022-07-26 | N/A | 5.4 MEDIUM |
| DotNetNuke (DNN) 9.9.1 CMS is vulnerable to a Stored Cross-Site Scripting vulnerability in the user profile biography section which allows remote authenticated users to inject arbitrary code via a crafted payload. | |||||
| CVE-2020-11585 | 1 Dnnsoftware | 1 Dotnetnuke | 2021-07-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| There is an information disclosure issue in DNN (formerly DotNetNuke) 9.5 within the built-in Activity-Feed/Messaging/Userid/ Message Center module. A registered user is able to enumerate any file in the Admin File Manager (other than ones contained in a secure folder) by sending themselves a message with the file attached, e.g., by using an arbitrary small integer value in the fileIds parameter. | |||||
| CVE-2020-5188 | 1 Dnnsoftware | 1 Dotnetnuke | 2021-07-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| DNN (formerly DotNetNuke) through 9.4.4 has Insecure Permissions. | |||||
| CVE-2020-5186 | 1 Dnnsoftware | 1 Dotnetnuke | 2020-02-24 | 3.5 LOW | 5.4 MEDIUM |
| DNN (formerly DotNetNuke) through 9.4.4 allows XSS (issue 1 of 2). | |||||
| CVE-2019-12562 | 1 Dnnsoftware | 1 Dotnetnuke | 2019-10-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| Stored Cross-Site Scripting in DotNetNuke (DNN) Version before 9.4.0 allows remote attackers to store and embed the malicious script into the admin notification page. The exploit could be used to perfom any action with admin privileges such as managing content, adding users, uploading backdoors to the server, etc. Successful exploitation occurs when an admin user visits a notification page with stored cross-site scripting. | |||||
| CVE-2018-14486 | 1 Dnnsoftware | 1 Dotnetnuke | 2019-03-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| DNN (formerly DotNetNuke) 9.1.1 allows cross-site scripting (XSS) via XML. | |||||