Dnnsoftware: >> Dotnetnuke >> 7.1.2.219 Security Vulnerabilities
An arbitrary file upload vulnerability in the Digital Assets Manager module of DNN Corp DotNetNuke v7.0.0 to v9.10.2 allows attackers to execute arbitrary code via a crafted SVG file.
CVSS Score
5.4
EPSS Score
0.005
Published
2023-04-12
Relative Path Traversal in GitHub repository dnnsoftware/dnn.platform prior to 9.11.0.
CVSS Score
4.9
EPSS Score
0.001
Published
2022-09-30
DotNetNuke (DNN) 9.9.1 CMS is vulnerable to a Stored Cross-Site Scripting vulnerability in the user profile biography section which allows remote authenticated users to inject arbitrary code via a crafted payload.
CVSS Score
5.4
EPSS Score
0.003
Published
2022-07-20
The AppCheck research team identified a Server-Side Request Forgery (SSRF) vulnerability within the DNN CMS platform, formerly known as DotNetNuke. SSRF vulnerabilities allow the attacker to exploit the target system to make network requests on their behalf, allowing a range of possible attacks. In the most common scenario, the attacker exploits SSRF vulnerabilities to attack systems behind the firewall and access sensitive information from Cloud Provider metadata services.
CVSS Score
6.5
EPSS Score
0.003
Published
2022-06-02
DNN (formerly DotNetNuke) through 9.4.4 allows XSS (issue 1 of 2).
CVSS Score
5.4
EPSS Score
0.004
Published
2020-02-24
DNN (formerly DotNetNuke) through 9.4.4 allows Path Traversal (issue 2 of 2).
CVSS Score
8.8
EPSS Score
0.007
Published
2020-02-24
DNN (formerly DotNetNuke) through 9.4.4 has Insecure Permissions.
CVSS Score
6.5
EPSS Score
0.003
Published
2020-02-24
Stored Cross-Site Scripting in DotNetNuke (DNN) Version before 9.4.0 allows remote attackers to store and embed the malicious script into the admin notification page. The exploit could be used to perfom any action with admin privileges such as managing content, adding users, uploading backdoors to the server, etc. Successful exploitation occurs when an admin user visits a notification page with stored cross-site scripting.
CVSS Score
6.1
EPSS Score
0.387
Published
2019-09-26
DNN (aka DotNetNuke) before 9.2.0 suffers from a Server-Side Request Forgery (SSRF) vulnerability in the DnnImageHandler class. Attackers may be able to access information about internal network resources.
CVSS Score
7.5
EPSS Score
0.917
Published
2018-07-03
CVE-2017-9822
DNN (aka DotNetNuke) before 9.1.1 has Remote Code Execution via a cookie, aka "2017-08 (Critical) Possible remote code execution on DNN sites."
Known exploited
CVSS Score
8.8
EPSS Score
0.943
Published
2017-07-20
Page 1