Shodan
Vulnerabilities
Vulnerable Software
Dnnsoftware:  >> Dotnetnuke  >> 6.1.4  Security Vulnerabilities
CVE-2020-5186
DNN (formerly DotNetNuke) through 9.4.4 allows XSS (issue 1 of 2).
CVSS Score
5.4
EPSS Score
0.004
Published
2020-02-24
CVE-2020-5187
DNN (formerly DotNetNuke) through 9.4.4 allows Path Traversal (issue 2 of 2).
CVSS Score
8.8
EPSS Score
0.007
Published
2020-02-24
CVE-2020-5188
DNN (formerly DotNetNuke) through 9.4.4 has Insecure Permissions.
CVSS Score
6.5
EPSS Score
0.003
Published
2020-02-24
CVE-2019-12562
Stored Cross-Site Scripting in DotNetNuke (DNN) Version before 9.4.0 allows remote attackers to store and embed the malicious script into the admin notification page. The exploit could be used to perfom any action with admin privileges such as managing content, adding users, uploading backdoors to the server, etc. Successful exploitation occurs when an admin user visits a notification page with stored cross-site scripting.
CVSS Score
6.1
EPSS Score
0.387
Published
2019-09-26
CVE-2017-0929
DNN (aka DotNetNuke) before 9.2.0 suffers from a Server-Side Request Forgery (SSRF) vulnerability in the DnnImageHandler class. Attackers may be able to access information about internal network resources.
CVSS Score
7.5
EPSS Score
0.926
Published
2018-07-03
CVE-2017-9822
Known exploited
DNN (aka DotNetNuke) before 9.1.1 has Remote Code Execution via a cookie, aka "2017-08 (Critical) Possible remote code execution on DNN sites."
CVSS Score
8.8
EPSS Score
0.943
Published
2017-07-20
CVE-2015-2794
The installation wizard in DotNetNuke (DNN) before 7.4.1 allows remote attackers to reinstall the application and gain SuperUser access via a direct request to Install/InstallWizard.aspx.
CVSS Score
9.8
EPSS Score
0.923
Published
2017-02-06
CVE-2016-7119
Cross-site scripting (XSS) vulnerability in the user-profile biography section in DotNetNuke (DNN) before 8.0.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted onclick attribute in an IMG element.
CVSS Score
5.4
EPSS Score
0.002
Published
2016-08-31
CVE-2015-1566
Cross-site scripting (XSS) vulnerability in DotNetNuke (DNN) before 7.4.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS Score
4.3
EPSS Score
0.003
Published
2015-02-09
CVE-2013-3943
Cross-site scripting (XSS) vulnerability in DotNetNuke (DNN) before 6.2.9 and 7.x before 7.1.1 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to the Display Name field in the Manage Profile.
CVSS Score
3.5
EPSS Score
0.002
Published
2014-03-12


Products
Pricing
Contact Us

Shodan ® - All rights reserved