Dnnsoftware: Security Vulnerabilities
CVE-2018-18325
DNN (aka DotNetNuke) 9.2 through 9.2.2 uses a weak encryption algorithm to protect input parameters. NOTE: this issue exists because of an incomplete fix for CVE-2018-15811.
Known exploited
CVSS Score
7.5
EPSS Score
0.761
Published
2019-07-03
DNN (aka DotNetNuke) 9.2 through 9.2.2 incorrectly converts encryption key source values, resulting in lower than expected entropy. NOTE: this issue exists because of an incomplete fix for CVE-2018-15812.
CVSS Score
7.5
EPSS Score
0.765
Published
2019-07-03
DNN (formerly DotNetNuke) 9.1.1 allows cross-site scripting (XSS) via XML.
CVSS Score
6.1
EPSS Score
0.005
Published
2019-03-21
DNN (aka DotNetNuke) before 9.2.0 suffers from a Server-Side Request Forgery (SSRF) vulnerability in the DnnImageHandler class. Attackers may be able to access information about internal network resources.
CVSS Score
7.5
EPSS Score
0.926
Published
2018-07-03
CVE-2017-9822
DNN (aka DotNetNuke) before 9.1.1 has Remote Code Execution via a cookie, aka "2017-08 (Critical) Possible remote code execution on DNN sites."
Known exploited
CVSS Score
8.8
EPSS Score
0.943
Published
2017-07-20
Page 3