Dnnsoftware: >> Dotnetnuke >> 7.1.2.169 Security Vulnerabilities
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. A url could be crafted to the DNN ImageHandler to render text from a querystring parameter. This text would display in the resulting image and a user that trusts the domain might think that the information is legitimate. This vulnerability is fixed in 9.13.4.
CVSS Score
4.3
EPSS Score
0.0
Published
2025-04-09
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to 9.13.2, when uploading files (e.g. when uploading assets), the file extension is checked to see if it's an allowed file type but the actual contents of the file aren't checked. This means that it's possible to e.g. upload an executable file renamed to be a .jpg. This file could then be executed by another security vulnerability. This vulnerability is fixed in 9.13.2.
CVSS Score
2.6
EPSS Score
0.0
Published
2025-04-08
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. The algorithm used to generate the captcha image shows the least complexity of the desired image. For this reason, the created image can be easily read by OCR tools, and the intruder can send automatic requests by building a robot and using this tool. This vulnerability is fixed in 9.13.8.
CVSS Score
4.2
EPSS Score
0.0
Published
2025-04-08
An arbitrary file upload vulnerability in the Digital Assets Manager module of DNN Corp DotNetNuke v7.0.0 to v9.10.2 allows attackers to execute arbitrary code via a crafted SVG file.
CVSS Score
5.4
EPSS Score
0.005
Published
2023-04-12
Relative Path Traversal in GitHub repository dnnsoftware/dnn.platform prior to 9.11.0.
CVSS Score
4.9
EPSS Score
0.004
Published
2022-09-30
DotNetNuke (DNN) 9.9.1 CMS is vulnerable to a Stored Cross-Site Scripting vulnerability in the user profile biography section which allows remote authenticated users to inject arbitrary code via a crafted payload.
CVSS Score
5.4
EPSS Score
0.002
Published
2022-07-20
The AppCheck research team identified a Server-Side Request Forgery (SSRF) vulnerability within the DNN CMS platform, formerly known as DotNetNuke. SSRF vulnerabilities allow the attacker to exploit the target system to make network requests on their behalf, allowing a range of possible attacks. In the most common scenario, the attacker exploits SSRF vulnerabilities to attack systems behind the firewall and access sensitive information from Cloud Provider metadata services.
CVSS Score
6.5
EPSS Score
0.003
Published
2022-06-02
DNN (formerly DotNetNuke) through 9.4.4 allows XSS (issue 1 of 2).
CVSS Score
5.4
EPSS Score
0.004
Published
2020-02-24
DNN (formerly DotNetNuke) through 9.4.4 allows Path Traversal (issue 2 of 2).
CVSS Score
8.8
EPSS Score
0.007
Published
2020-02-24
DNN (formerly DotNetNuke) through 9.4.4 has Insecure Permissions.
CVSS Score
6.5
EPSS Score
0.003
Published
2020-02-24