Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/15432?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/15432?format=api", "purl": "pkg:nuget/DotNetNuke.Core@9.3.0", "type": "nuget", "namespace": "", "name": "DotNetNuke.Core", "version": "9.3.0", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "10.2.2", "latest_non_vulnerable_version": "10.2.2", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101125?format=api", "vulnerability_id": "VCID-2d1y-21mg-9kdx", "summary": "DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.1.0, administrators and content editors can set html in module titles that could include javascript which could be used for XSS based attacks. This issue has been patched in version 10.1.0.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-59546", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11849", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11765", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-59546" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59546", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59546" }, { "reference_url": "https://github.com/advisories/GHSA-gj8m-5492-q98h", "reference_id": "GHSA-gj8m-5492-q98h", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-gj8m-5492-q98h" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-gj8m-5492-q98h", "reference_id": "GHSA-gj8m-5492-q98h", "reference_type": "", "scores": [ { "value": "2.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-23T18:30:03Z/" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-gj8m-5492-q98h" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/376615?format=api", "purl": "pkg:nuget/DotNetNuke.Core@10.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6227-44sm-nkbb" }, { "vulnerability": "VCID-axxm-bb71-33dj" }, { "vulnerability": "VCID-fyxq-vtfm-s3ec" }, { "vulnerability": "VCID-k89y-aedv-uugd" }, { "vulnerability": "VCID-kwns-m3j3-8kb7" }, { "vulnerability": "VCID-q7dx-jb8e-wua4" }, { "vulnerability": "VCID-smd5-xy65-jufc" }, { "vulnerability": "VCID-wau9-knn5-vqbp" }, { "vulnerability": "VCID-z9tg-26ja-c7hw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@10.1.0" } ], "aliases": [ "CVE-2025-59546", "GHSA-gj8m-5492-q98h" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2d1y-21mg-9kdx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/117967?format=api", "vulnerability_id": "VCID-4wd1-t7cm-9yd2", "summary": "DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 9.13.9, uploaded SVG files could contain scripts and if rendered inline those scripts could run allowing XSS attacks. Version 9.13.9 fixes the issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-48378", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17817", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17657", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-48378" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48378", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48378" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform/commit/cfed83c291d5e5072b2fa70924a8b7c35b1cdf9e", "reference_id": "cfed83c291d5e5072b2fa70924a8b7c35b1cdf9e", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-23T16:00:53Z/" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform/commit/cfed83c291d5e5072b2fa70924a8b7c35b1cdf9e" }, { "reference_url": "https://github.com/advisories/GHSA-m4hf-fxcg-cp34", "reference_id": "GHSA-m4hf-fxcg-cp34", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-m4hf-fxcg-cp34" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-m4hf-fxcg-cp34", "reference_id": "GHSA-m4hf-fxcg-cp34", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-23T16:00:53Z/" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-m4hf-fxcg-cp34" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/38328?format=api", "purl": "pkg:nuget/DotNetNuke.Core@9.13.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2d1y-21mg-9kdx" }, { "vulnerability": "VCID-6227-44sm-nkbb" }, { "vulnerability": "VCID-as6z-jr8m-6kbm" }, { "vulnerability": "VCID-axxm-bb71-33dj" }, { "vulnerability": "VCID-c87b-2p6c-xqh8" }, { "vulnerability": "VCID-epah-7729-rqba" }, { "vulnerability": "VCID-fyxq-vtfm-s3ec" }, { "vulnerability": "VCID-k89y-aedv-uugd" }, { "vulnerability": "VCID-kwns-m3j3-8kb7" }, { "vulnerability": "VCID-q7dx-jb8e-wua4" }, { "vulnerability": "VCID-smd5-xy65-jufc" }, { "vulnerability": "VCID-trdq-rcjg-s7gy" }, { "vulnerability": "VCID-wau9-knn5-vqbp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.13.9" } ], "aliases": [ "CVE-2025-48378", "GHSA-m4hf-fxcg-cp34" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4wd1-t7cm-9yd2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/82764?format=api", "vulnerability_id": "VCID-6227-44sm-nkbb", "summary": "DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Starting in version 9.0.0 and prior to versions 9.13.10 and 10.2.0, extensions could write richtext in log notes which can include scripts that would run in the PersonaBar when displayed. Versions 9.13.10 and 10.2.0 contain a fix for the issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-24836", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04175", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04163", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-24836" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24836", "reference_id": "CVE-2026-24836", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24836" }, { "reference_url": "https://github.com/advisories/GHSA-2g5g-hcgh-q3rp", "reference_id": "GHSA-2g5g-hcgh-q3rp", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-2g5g-hcgh-q3rp" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-2g5g-hcgh-q3rp", "reference_id": "GHSA-2g5g-hcgh-q3rp", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H" }, { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-28T21:04:00Z/" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-2g5g-hcgh-q3rp" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/38325?format=api", "purl": "pkg:nuget/DotNetNuke.Core@10.2.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-axxm-bb71-33dj" }, { "vulnerability": "VCID-kwns-m3j3-8kb7" }, { "vulnerability": "VCID-q7dx-jb8e-wua4" }, { "vulnerability": "VCID-z9tg-26ja-c7hw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@10.2.0" } ], "aliases": [ "CVE-2026-24836", "GHSA-2g5g-hcgh-q3rp" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6227-44sm-nkbb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/343448?format=api", "vulnerability_id": "VCID-76dr-n4fx-nud6", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-40186", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00311", "scoring_system": "epss", "scoring_elements": "0.54749", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00311", "scoring_system": "epss", "scoring_elements": "0.54872", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-40186" }, { "reference_url": "https://appcheck-ng.com/dnn-cms-server-side-request-forgery-cve-2021-40186", "reference_id": "", "reference_type": "", "scores": [], "url": "https://appcheck-ng.com/dnn-cms-server-side-request-forgery-cve-2021-40186" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-40186", "reference_id": "CVE-2021-40186", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-40186" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/400849?format=api", "purl": "pkg:nuget/DotNetNuke.Core@9.13.0-ci0000", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2d1y-21mg-9kdx" }, { "vulnerability": "VCID-4wd1-t7cm-9yd2" }, { "vulnerability": "VCID-6227-44sm-nkbb" }, { "vulnerability": "VCID-as6z-jr8m-6kbm" }, { "vulnerability": "VCID-axxm-bb71-33dj" }, { "vulnerability": "VCID-c87b-2p6c-xqh8" }, { "vulnerability": "VCID-epah-7729-rqba" }, { "vulnerability": "VCID-f55k-m678-vbfr" }, { "vulnerability": "VCID-fyxq-vtfm-s3ec" }, { "vulnerability": "VCID-k89y-aedv-uugd" }, { "vulnerability": "VCID-kwns-m3j3-8kb7" }, { "vulnerability": "VCID-q3he-ta5n-hkec" }, { "vulnerability": "VCID-q7dx-jb8e-wua4" }, { "vulnerability": "VCID-smd5-xy65-jufc" }, { "vulnerability": "VCID-trdq-rcjg-s7gy" }, { "vulnerability": "VCID-wau9-knn5-vqbp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.13.0-ci0000" } ], "aliases": [ "CVE-2021-40186" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-76dr-n4fx-nud6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/100676?format=api", "vulnerability_id": "VCID-as6z-jr8m-6kbm", "summary": "DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.1.0, DNN’s URL/path handling and template rendering can allow specially crafted input to be reflected into a user profile that is returned to the browser. In these cases, the application does not sufficiently neutralize or encode characters that are meaningful in HTML, so an attacker can cause a victim’s browser to interpret attacker-controlled content as part of the page’s HTML. This issue has been patched in version 10.1.0.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-59821", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.1504", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14918", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-59821" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59821", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59821" }, { "reference_url": "https://github.com/advisories/GHSA-jc4g-c8ww-5738", "reference_id": "GHSA-jc4g-c8ww-5738", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jc4g-c8ww-5738" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-jc4g-c8ww-5738", "reference_id": "GHSA-jc4g-c8ww-5738", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-23T18:29:53Z/" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-jc4g-c8ww-5738" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/376615?format=api", "purl": "pkg:nuget/DotNetNuke.Core@10.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6227-44sm-nkbb" }, { "vulnerability": "VCID-axxm-bb71-33dj" }, { "vulnerability": "VCID-fyxq-vtfm-s3ec" }, { "vulnerability": "VCID-k89y-aedv-uugd" }, { "vulnerability": "VCID-kwns-m3j3-8kb7" }, { "vulnerability": "VCID-q7dx-jb8e-wua4" }, { "vulnerability": "VCID-smd5-xy65-jufc" }, { "vulnerability": "VCID-wau9-knn5-vqbp" }, { "vulnerability": "VCID-z9tg-26ja-c7hw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@10.1.0" } ], "aliases": [ "CVE-2025-59821", "GHSA-jc4g-c8ww-5738" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-as6z-jr8m-6kbm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/84334?format=api", "vulnerability_id": "VCID-axxm-bb71-33dj", "summary": "DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.2.2, a user could upload a specially crafted SVG file that could include scripts that can target both authenticated and unauthenticated DNN users. The impact is increased if the scripts are run by a power user. Version 10.2.2 patches the issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-40321", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.06131", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.06153", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-40321" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40321", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40321" }, { "reference_url": "https://github.com/advisories/GHSA-ffq7-898w-9jc4", "reference_id": "GHSA-ffq7-898w-9jc4", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-ffq7-898w-9jc4" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-ffq7-898w-9jc4", "reference_id": "GHSA-ffq7-898w-9jc4", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H" }, { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-20T16:00:34Z/" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-ffq7-898w-9jc4" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform/releases/tag/v10.2.2", "reference_id": "v10.2.2", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H" }, { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-20T16:00:34Z/" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform/releases/tag/v10.2.2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373520?format=api", "purl": "pkg:nuget/DotNetNuke.Core@10.2.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@10.2.2" } ], "aliases": [ "CVE-2026-40321", "GHSA-ffq7-898w-9jc4" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-axxm-bb71-33dj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/100961?format=api", "vulnerability_id": "VCID-c87b-2p6c-xqh8", "summary": "DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.1.0, when embedding information in the Biography field, even if that field is not rich-text, users could inject javascript code that would run in the context of the website and to any other user that can view the profile including administrators and/or superusers. This issue has been patched in version 10.1.0.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-59539", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.13003", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12908", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-59539" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59539", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59539" }, { "reference_url": "https://github.com/advisories/GHSA-7rcc-q6rq-jpcm", "reference_id": "GHSA-7rcc-q6rq-jpcm", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-7rcc-q6rq-jpcm" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-7rcc-q6rq-jpcm", "reference_id": "GHSA-7rcc-q6rq-jpcm", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-23T18:30:23Z/" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-7rcc-q6rq-jpcm" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/376615?format=api", "purl": "pkg:nuget/DotNetNuke.Core@10.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6227-44sm-nkbb" }, { "vulnerability": "VCID-axxm-bb71-33dj" }, { "vulnerability": "VCID-fyxq-vtfm-s3ec" }, { "vulnerability": "VCID-k89y-aedv-uugd" }, { "vulnerability": "VCID-kwns-m3j3-8kb7" }, { "vulnerability": "VCID-q7dx-jb8e-wua4" }, { "vulnerability": "VCID-smd5-xy65-jufc" }, { "vulnerability": "VCID-wau9-knn5-vqbp" }, { "vulnerability": "VCID-z9tg-26ja-c7hw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@10.1.0" } ], "aliases": [ "CVE-2025-59539", "GHSA-7rcc-q6rq-jpcm" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c87b-2p6c-xqh8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/173030?format=api", "vulnerability_id": "VCID-eaz6-q3m7-4bep", "summary": "An arbitrary file upload vulnerability in the Digital Assets Manager module of DNN Corp DotNetNuke v7.0.0 to v9.10.2 allows attackers to execute arbitrary code via a crafted SVG file.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-47053", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00738", "scoring_system": "epss", "scoring_elements": "0.7331", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00738", "scoring_system": "epss", "scoring_elements": "0.73387", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-47053" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-47053", "reference_id": "CVE-2022-47053", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-47053" }, { "reference_url": "https://www.dnnsoftware.com/community/security/security-center", "reference_id": "security-center", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T16:43:29Z/" } ], "url": "https://www.dnnsoftware.com/community/security/security-center" }, { "reference_url": "https://www.dnnsoftware.com/community/security/security-center#:~:text=XSS%20in%20Digital%20Asset%20Manager", "reference_id": "security-center#:~:text=XSS%20in%20Digital%20Asset%20Manager", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T16:43:29Z/" } ], "url": "https://www.dnnsoftware.com/community/security/security-center#:~:text=XSS%20in%20Digital%20Asset%20Manager" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/27208?format=api", "purl": "pkg:nuget/DotNetNuke.Core@9.11.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2d1y-21mg-9kdx" }, { "vulnerability": "VCID-4wd1-t7cm-9yd2" }, { "vulnerability": "VCID-6227-44sm-nkbb" }, { "vulnerability": "VCID-as6z-jr8m-6kbm" }, { "vulnerability": "VCID-axxm-bb71-33dj" }, { "vulnerability": "VCID-c87b-2p6c-xqh8" }, { "vulnerability": "VCID-epah-7729-rqba" }, { "vulnerability": "VCID-f55k-m678-vbfr" }, { "vulnerability": "VCID-fyxq-vtfm-s3ec" }, { "vulnerability": "VCID-k89y-aedv-uugd" }, { "vulnerability": "VCID-kwns-m3j3-8kb7" }, { "vulnerability": "VCID-q3he-ta5n-hkec" }, { "vulnerability": "VCID-q7dx-jb8e-wua4" }, { "vulnerability": "VCID-smd5-xy65-jufc" }, { "vulnerability": "VCID-trdq-rcjg-s7gy" }, { "vulnerability": "VCID-wau9-knn5-vqbp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.11.0" } ], "aliases": [ "CVE-2022-47053" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-eaz6-q3m7-4bep" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101057?format=api", "vulnerability_id": "VCID-epah-7729-rqba", "summary": "DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.1.0, the Prompt module allows execution of commands that can return raw HTML. Malicious input, even if sanitized for display elsewhere, can be executed when processed through certain commands, leading to potential script execution (XSS). This issue has been patched in version 10.1.0.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-59545", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.27062", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.2686", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-59545" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59545", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59545" }, { "reference_url": "https://github.com/advisories/GHSA-2qxc-mf4x-wr29", "reference_id": "GHSA-2qxc-mf4x-wr29", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-2qxc-mf4x-wr29" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-2qxc-mf4x-wr29", "reference_id": "GHSA-2qxc-mf4x-wr29", "reference_type": "", "scores": [ { "value": "9.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H" }, { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-23T18:30:12Z/" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-2qxc-mf4x-wr29" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/376615?format=api", "purl": "pkg:nuget/DotNetNuke.Core@10.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6227-44sm-nkbb" }, { "vulnerability": "VCID-axxm-bb71-33dj" }, { "vulnerability": "VCID-fyxq-vtfm-s3ec" }, { "vulnerability": "VCID-k89y-aedv-uugd" }, { "vulnerability": "VCID-kwns-m3j3-8kb7" }, { "vulnerability": "VCID-q7dx-jb8e-wua4" }, { "vulnerability": "VCID-smd5-xy65-jufc" }, { "vulnerability": "VCID-wau9-knn5-vqbp" }, { "vulnerability": "VCID-z9tg-26ja-c7hw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@10.1.0" } ], "aliases": [ "CVE-2025-59545", "GHSA-2qxc-mf4x-wr29" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-epah-7729-rqba" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/118496?format=api", "vulnerability_id": "VCID-f55k-m678-vbfr", "summary": "DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 9.13.9, a specially crafted URL may be constructed which can inject an XSS payload that is triggered by using some module actions. Version 9.13.9 fixes the issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-48377", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00141", "scoring_system": "epss", "scoring_elements": "0.34174", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00141", "scoring_system": "epss", "scoring_elements": "0.33998", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-48377" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48377", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48377" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform/commit/351b166492ad4b6509c273dc83211d52238e31a7", "reference_id": "351b166492ad4b6509c273dc83211d52238e31a7", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N" }, { "value": "6.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-23T15:51:04Z/" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform/commit/351b166492ad4b6509c273dc83211d52238e31a7" }, { "reference_url": "https://github.com/advisories/GHSA-79m3-rvx2-3qq9", "reference_id": "GHSA-79m3-rvx2-3qq9", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-79m3-rvx2-3qq9" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-79m3-rvx2-3qq9", "reference_id": "GHSA-79m3-rvx2-3qq9", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N" }, { "value": "6.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-23T15:51:04Z/" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-79m3-rvx2-3qq9" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/38328?format=api", "purl": "pkg:nuget/DotNetNuke.Core@9.13.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2d1y-21mg-9kdx" }, { "vulnerability": "VCID-6227-44sm-nkbb" }, { "vulnerability": "VCID-as6z-jr8m-6kbm" }, { "vulnerability": "VCID-axxm-bb71-33dj" }, { "vulnerability": "VCID-c87b-2p6c-xqh8" }, { "vulnerability": "VCID-epah-7729-rqba" }, { "vulnerability": "VCID-fyxq-vtfm-s3ec" }, { "vulnerability": "VCID-k89y-aedv-uugd" }, { "vulnerability": "VCID-kwns-m3j3-8kb7" }, { "vulnerability": "VCID-q7dx-jb8e-wua4" }, { "vulnerability": "VCID-smd5-xy65-jufc" }, { "vulnerability": "VCID-trdq-rcjg-s7gy" }, { "vulnerability": "VCID-wau9-knn5-vqbp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.13.9" } ], "aliases": [ "CVE-2025-48377", "GHSA-79m3-rvx2-3qq9" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-f55k-m678-vbfr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/82686?format=api", "vulnerability_id": "VCID-fyxq-vtfm-s3ec", "summary": "DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to versions 9.13.10 and 10.2.0, module title supports richtext which could include scripts that would execute in certain scenarios. Versions 9.13.10 and 10.2.0 contain a fix for the issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-24838", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17641", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17479", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-24838" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform/commit/4a4bcbcdf3cedbf702816f8168c4d51bf688f7f6", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform/commit/4a4bcbcdf3cedbf702816f8168c4d51bf688f7f6" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform/releases/tag/v10.2.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform/releases/tag/v10.2.0" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24838", "reference_id": "CVE-2026-24838", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24838" }, { "reference_url": "https://github.com/advisories/GHSA-w9pf-h6m6-v89h", "reference_id": "GHSA-w9pf-h6m6-v89h", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-w9pf-h6m6-v89h" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-w9pf-h6m6-v89h", "reference_id": "GHSA-w9pf-h6m6-v89h", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-28T15:03:11Z/" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-w9pf-h6m6-v89h" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/38322?format=api", "purl": "pkg:nuget/DotNetNuke.Core@9.13.10", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.13.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/38325?format=api", "purl": "pkg:nuget/DotNetNuke.Core@10.2.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-axxm-bb71-33dj" }, { "vulnerability": "VCID-kwns-m3j3-8kb7" }, { "vulnerability": "VCID-q7dx-jb8e-wua4" }, { "vulnerability": "VCID-z9tg-26ja-c7hw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@10.2.0" } ], "aliases": [ "CVE-2026-24838", "GHSA-w9pf-h6m6-v89h" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fyxq-vtfm-s3ec" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/174477?format=api", "vulnerability_id": "VCID-gkac-w1q4-wfgw", "summary": "Relative Path Traversal in GitHub repository dnnsoftware/dnn.platform prior to 9.11.0.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-2922", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00453", "scoring_system": "epss", "scoring_elements": "0.64193", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00453", "scoring_system": "epss", "scoring_elements": "0.64296", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-2922" }, { "reference_url": "https://github.com/dnnsoftware/dnn.platform", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dnnsoftware/dnn.platform" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform/commit/3697c5344cef8d49214230f0cc2efcd9e93a00a8", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform/commit/3697c5344cef8d49214230f0cc2efcd9e93a00a8" }, { "reference_url": "https://huntr.dev/bounties/74918f40-dc11-4218-abef-064eb71a0703", "reference_id": "74918f40-dc11-4218-abef-064eb71a0703", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-20T16:03:27Z/" } ], "url": "https://huntr.dev/bounties/74918f40-dc11-4218-abef-064eb71a0703" }, { "reference_url": "https://github.com/dnnsoftware/dnn.platform/commit/9b17351592fbde376506ba6705dbcc7a74a2a195", "reference_id": "9b17351592fbde376506ba6705dbcc7a74a2a195", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-20T16:03:27Z/" } ], "url": "https://github.com/dnnsoftware/dnn.platform/commit/9b17351592fbde376506ba6705dbcc7a74a2a195" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2922", "reference_id": "CVE-2022-2922", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2922" }, { "reference_url": "https://github.com/advisories/GHSA-9w72-2f23-57gm", "reference_id": "GHSA-9w72-2f23-57gm", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9w72-2f23-57gm" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/27208?format=api", "purl": "pkg:nuget/DotNetNuke.Core@9.11.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2d1y-21mg-9kdx" }, { "vulnerability": "VCID-4wd1-t7cm-9yd2" }, { "vulnerability": "VCID-6227-44sm-nkbb" }, { "vulnerability": "VCID-as6z-jr8m-6kbm" }, { "vulnerability": "VCID-axxm-bb71-33dj" }, { "vulnerability": "VCID-c87b-2p6c-xqh8" }, { "vulnerability": "VCID-epah-7729-rqba" }, { "vulnerability": "VCID-f55k-m678-vbfr" }, { "vulnerability": "VCID-fyxq-vtfm-s3ec" }, { "vulnerability": "VCID-k89y-aedv-uugd" }, { "vulnerability": "VCID-kwns-m3j3-8kb7" }, { "vulnerability": "VCID-q3he-ta5n-hkec" }, { "vulnerability": "VCID-q7dx-jb8e-wua4" }, { "vulnerability": "VCID-smd5-xy65-jufc" }, { "vulnerability": "VCID-trdq-rcjg-s7gy" }, { "vulnerability": "VCID-wau9-knn5-vqbp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.11.0" } ], "aliases": [ "CVE-2022-2922", "GHSA-9w72-2f23-57gm" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gkac-w1q4-wfgw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/329523?format=api", "vulnerability_id": "VCID-hdzp-q5cp-uuf5", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-5186", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00353", "scoring_system": "epss", "scoring_elements": "0.58169", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00353", "scoring_system": "epss", "scoring_elements": "0.58056", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-5186" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-5186", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-5186" }, { "reference_url": "https://packetstormsecurity.com/files/156483/DotNetNuke-CMS-9.5.0-Cross-Site-Scripting.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://packetstormsecurity.com/files/156483/DotNetNuke-CMS-9.5.0-Cross-Site-Scripting.html" }, { "reference_url": "https://github.com/advisories/GHSA-9phr-h5mx-4fp6", "reference_id": "GHSA-9phr-h5mx-4fp6", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9phr-h5mx-4fp6" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/385270?format=api", "purl": "pkg:nuget/DotNetNuke.Core@9.5.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2d1y-21mg-9kdx" }, { "vulnerability": "VCID-4wd1-t7cm-9yd2" }, { "vulnerability": "VCID-6227-44sm-nkbb" }, { "vulnerability": "VCID-76dr-n4fx-nud6" }, { "vulnerability": "VCID-as6z-jr8m-6kbm" }, { "vulnerability": "VCID-axxm-bb71-33dj" }, { "vulnerability": "VCID-c87b-2p6c-xqh8" }, { "vulnerability": "VCID-eaz6-q3m7-4bep" }, { "vulnerability": "VCID-epah-7729-rqba" }, { "vulnerability": "VCID-f55k-m678-vbfr" }, { "vulnerability": "VCID-fyxq-vtfm-s3ec" }, { "vulnerability": "VCID-gkac-w1q4-wfgw" }, { "vulnerability": "VCID-k89y-aedv-uugd" }, { "vulnerability": "VCID-kwns-m3j3-8kb7" }, { "vulnerability": "VCID-q3he-ta5n-hkec" }, { "vulnerability": "VCID-q7dx-jb8e-wua4" }, { "vulnerability": "VCID-qcc1-r81m-7ud6" }, { "vulnerability": "VCID-smd5-xy65-jufc" }, { "vulnerability": "VCID-tfyx-ssz9-1qah" }, { "vulnerability": "VCID-trdq-rcjg-s7gy" }, { "vulnerability": "VCID-wau9-knn5-vqbp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.5.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/400849?format=api", "purl": "pkg:nuget/DotNetNuke.Core@9.13.0-ci0000", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2d1y-21mg-9kdx" }, { "vulnerability": "VCID-4wd1-t7cm-9yd2" }, { "vulnerability": "VCID-6227-44sm-nkbb" }, { "vulnerability": "VCID-as6z-jr8m-6kbm" }, { "vulnerability": "VCID-axxm-bb71-33dj" }, { "vulnerability": "VCID-c87b-2p6c-xqh8" }, { "vulnerability": "VCID-epah-7729-rqba" }, { "vulnerability": "VCID-f55k-m678-vbfr" }, { "vulnerability": "VCID-fyxq-vtfm-s3ec" }, { "vulnerability": "VCID-k89y-aedv-uugd" }, { "vulnerability": "VCID-kwns-m3j3-8kb7" }, { "vulnerability": "VCID-q3he-ta5n-hkec" }, { "vulnerability": "VCID-q7dx-jb8e-wua4" }, { "vulnerability": "VCID-smd5-xy65-jufc" }, { "vulnerability": "VCID-trdq-rcjg-s7gy" }, { "vulnerability": "VCID-wau9-knn5-vqbp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.13.0-ci0000" } ], "aliases": [ "CVE-2020-5186", "GHSA-9phr-h5mx-4fp6" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hdzp-q5cp-uuf5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/82832?format=api", "vulnerability_id": "VCID-k89y-aedv-uugd", "summary": "DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Starting in version 9.0.0 and prior to versions 9.13.10 and 10.2.0, a module friendly name could include scripts that will run during some module operations in the Persona Bar. Versions 9.13.10 and 10.2.0 contain a fix for the issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-24837", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04175", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04163", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-24837" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24837", "reference_id": "CVE-2026-24837", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24837" }, { "reference_url": "https://github.com/advisories/GHSA-vm5q-8qww-h238", "reference_id": "GHSA-vm5q-8qww-h238", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-vm5q-8qww-h238" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-vm5q-8qww-h238", "reference_id": "GHSA-vm5q-8qww-h238", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H" }, { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-28T21:02:52Z/" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-vm5q-8qww-h238" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/38325?format=api", "purl": "pkg:nuget/DotNetNuke.Core@10.2.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-axxm-bb71-33dj" }, { "vulnerability": "VCID-kwns-m3j3-8kb7" }, { "vulnerability": "VCID-q7dx-jb8e-wua4" }, { "vulnerability": "VCID-z9tg-26ja-c7hw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@10.2.0" } ], "aliases": [ "CVE-2026-24837", "GHSA-vm5q-8qww-h238" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k89y-aedv-uugd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/84164?format=api", "vulnerability_id": "VCID-kwns-m3j3-8kb7", "summary": "DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Starting in version 6.0.0 and prior to version 10.2.2, in the friends feature, a user could craft a request that would force the acceptance of a friend request on another user. Version 10.2.2 patches the issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-40305", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.10514", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.1057", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-40305" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40305", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40305" }, { "reference_url": "https://github.com/advisories/GHSA-fpj4-9qhx-5m6m", "reference_id": "GHSA-fpj4-9qhx-5m6m", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-fpj4-9qhx-5m6m" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-fpj4-9qhx-5m6m", "reference_id": "GHSA-fpj4-9qhx-5m6m", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-20T13:22:45Z/" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-fpj4-9qhx-5m6m" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform/releases/tag/v10.2.2", "reference_id": "v10.2.2", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-20T13:22:45Z/" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform/releases/tag/v10.2.2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373520?format=api", "purl": "pkg:nuget/DotNetNuke.Core@10.2.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@10.2.2" } ], "aliases": [ "CVE-2026-40305", "GHSA-fpj4-9qhx-5m6m" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kwns-m3j3-8kb7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/114577?format=api", "vulnerability_id": "VCID-q3he-ta5n-hkec", "summary": "DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. A bypass has been identified for the previously known vulnerability CVE-2017-0929, allowing unauthenticated attackers to execute arbitrary GET requests against target systems, including internal or adjacent networks. This vulnerability facilitates a semi-blind SSRF attack, allowing attackers to make the target server send requests to internal or external URLs without viewing the full responses. Potential impacts include internal network reconnaissance, bypassing firewalls. This vulnerability is fixed in 9.13.8.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-32372", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00102", "scoring_system": "epss", "scoring_elements": "0.27814", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00102", "scoring_system": "epss", "scoring_elements": "0.27612", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-32372" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32372", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32372" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform/commit/4721dd9eef846936d3b1a3676499e46968d15feb", "reference_id": "4721dd9eef846936d3b1a3676499e46968d15feb", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-09T15:39:52Z/" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform/commit/4721dd9eef846936d3b1a3676499e46968d15feb" }, { "reference_url": "https://github.com/advisories/GHSA-3f7v-qx94-666m", "reference_id": "GHSA-3f7v-qx94-666m", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-3f7v-qx94-666m" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-3f7v-qx94-666m", "reference_id": "GHSA-3f7v-qx94-666m", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-09T15:39:52Z/" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-3f7v-qx94-666m" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/376256?format=api", "purl": "pkg:nuget/DotNetNuke.Core@9.13.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2d1y-21mg-9kdx" }, { "vulnerability": "VCID-4wd1-t7cm-9yd2" }, { "vulnerability": "VCID-6227-44sm-nkbb" }, { "vulnerability": "VCID-as6z-jr8m-6kbm" }, { "vulnerability": "VCID-axxm-bb71-33dj" }, { "vulnerability": "VCID-c87b-2p6c-xqh8" }, { "vulnerability": "VCID-epah-7729-rqba" }, { "vulnerability": "VCID-f55k-m678-vbfr" }, { "vulnerability": "VCID-fyxq-vtfm-s3ec" }, { "vulnerability": "VCID-k89y-aedv-uugd" }, { "vulnerability": "VCID-kwns-m3j3-8kb7" }, { "vulnerability": "VCID-q7dx-jb8e-wua4" }, { "vulnerability": "VCID-smd5-xy65-jufc" }, { "vulnerability": "VCID-trdq-rcjg-s7gy" }, { "vulnerability": "VCID-wau9-knn5-vqbp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.13.8" } ], "aliases": [ "CVE-2025-32372", "GHSA-3f7v-qx94-666m" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q3he-ta5n-hkec" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/359949?format=api", "vulnerability_id": "VCID-q7dx-jb8e-wua4", "summary": "DotNetNuke.Core security code analysis rules triggered\nThe codebase raises code analysis warnings related to security, including CA3075, CA5366, CA5371, CA5368, CA5369, CA5372, CA5379, CA5350, and CA5351.\n\nMost of these deal with disabling DTD processing in XML documents, but also includes cryptographic algorithm choices.", "references": [ { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-fcpv-w245-r2q7", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-fcpv-w245-r2q7" }, { "reference_url": "https://github.com/advisories/GHSA-fcpv-w245-r2q7", "reference_id": "GHSA-fcpv-w245-r2q7", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-fcpv-w245-r2q7" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373520?format=api", "purl": "pkg:nuget/DotNetNuke.Core@10.2.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@10.2.2" } ], "aliases": [ "GHSA-fcpv-w245-r2q7" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q7dx-jb8e-wua4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/90930?format=api", "vulnerability_id": "VCID-smd5-xy65-jufc", "summary": "DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to 10.1.1, sanitization of the content of uploaded SVG files was not covering all possible XSS scenarios. This vulnerability exists because of an incomplete fix for CVE-2025-48378. This vulnerability is fixed in 10.1.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-64094", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.07536", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.07571", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-64094" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64094", "reference_id": "CVE-2025-64094", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64094" }, { "reference_url": "https://github.com/advisories/GHSA-hmvq-8p83-cq52", "reference_id": "GHSA-hmvq-8p83-cq52", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-hmvq-8p83-cq52" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-hmvq-8p83-cq52", "reference_id": "GHSA-hmvq-8p83-cq52", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-29T14:51:54Z/" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-hmvq-8p83-cq52" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/34899?format=api", "purl": "pkg:nuget/DotNetNuke.Core@10.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6227-44sm-nkbb" }, { "vulnerability": "VCID-axxm-bb71-33dj" }, { "vulnerability": "VCID-fyxq-vtfm-s3ec" }, { "vulnerability": "VCID-k89y-aedv-uugd" }, { "vulnerability": "VCID-kwns-m3j3-8kb7" }, { "vulnerability": "VCID-q7dx-jb8e-wua4" }, { "vulnerability": "VCID-wau9-knn5-vqbp" }, { "vulnerability": "VCID-z9tg-26ja-c7hw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@10.1.1" } ], "aliases": [ "CVE-2025-64094", "GHSA-hmvq-8p83-cq52" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-smd5-xy65-jufc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/329525?format=api", "vulnerability_id": "VCID-tc3h-gp3h-euf9", "summary": "", "references": [ { "reference_url": "http://packetstormsecurity.com/files/156484/DotNetNuke-CMS-9.5.0-File-Extension-Check-Bypass.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://packetstormsecurity.com/files/156484/DotNetNuke-CMS-9.5.0-File-Extension-Check-Bypass.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-5188", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.48981", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.49117", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-5188" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-5188", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-5188" }, { "reference_url": "https://github.com/advisories/GHSA-vjcm-j85r-7p68", "reference_id": "GHSA-vjcm-j85r-7p68", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-vjcm-j85r-7p68" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/385270?format=api", "purl": "pkg:nuget/DotNetNuke.Core@9.5.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2d1y-21mg-9kdx" }, { "vulnerability": "VCID-4wd1-t7cm-9yd2" }, { "vulnerability": "VCID-6227-44sm-nkbb" }, { "vulnerability": "VCID-76dr-n4fx-nud6" }, { "vulnerability": "VCID-as6z-jr8m-6kbm" }, { "vulnerability": "VCID-axxm-bb71-33dj" }, { "vulnerability": "VCID-c87b-2p6c-xqh8" }, { "vulnerability": "VCID-eaz6-q3m7-4bep" }, { "vulnerability": "VCID-epah-7729-rqba" }, { "vulnerability": "VCID-f55k-m678-vbfr" }, { "vulnerability": "VCID-fyxq-vtfm-s3ec" }, { "vulnerability": "VCID-gkac-w1q4-wfgw" }, { "vulnerability": "VCID-k89y-aedv-uugd" }, { "vulnerability": "VCID-kwns-m3j3-8kb7" }, { "vulnerability": "VCID-q3he-ta5n-hkec" }, { "vulnerability": "VCID-q7dx-jb8e-wua4" }, { "vulnerability": "VCID-qcc1-r81m-7ud6" }, { "vulnerability": "VCID-smd5-xy65-jufc" }, { "vulnerability": "VCID-tfyx-ssz9-1qah" }, { "vulnerability": "VCID-trdq-rcjg-s7gy" }, { "vulnerability": "VCID-wau9-knn5-vqbp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.5.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/400849?format=api", "purl": "pkg:nuget/DotNetNuke.Core@9.13.0-ci0000", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2d1y-21mg-9kdx" }, { "vulnerability": "VCID-4wd1-t7cm-9yd2" }, { "vulnerability": "VCID-6227-44sm-nkbb" }, { "vulnerability": "VCID-as6z-jr8m-6kbm" }, { "vulnerability": "VCID-axxm-bb71-33dj" }, { "vulnerability": "VCID-c87b-2p6c-xqh8" }, { "vulnerability": "VCID-epah-7729-rqba" }, { "vulnerability": "VCID-f55k-m678-vbfr" }, { "vulnerability": "VCID-fyxq-vtfm-s3ec" }, { "vulnerability": "VCID-k89y-aedv-uugd" }, { "vulnerability": "VCID-kwns-m3j3-8kb7" }, { "vulnerability": "VCID-q3he-ta5n-hkec" }, { "vulnerability": "VCID-q7dx-jb8e-wua4" }, { "vulnerability": "VCID-smd5-xy65-jufc" }, { "vulnerability": "VCID-trdq-rcjg-s7gy" }, { "vulnerability": "VCID-wau9-knn5-vqbp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.13.0-ci0000" } ], "aliases": [ "CVE-2020-5188", "GHSA-vjcm-j85r-7p68" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tc3h-gp3h-euf9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/339688?format=api", "vulnerability_id": "VCID-tfyx-ssz9-1qah", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-31858", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00234", "scoring_system": "epss", "scoring_elements": "0.46512", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00234", "scoring_system": "epss", "scoring_elements": "0.46657", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-31858" }, { "reference_url": "https://labs.integrity.pt/advisories/cve-2021-31858/", "reference_id": "CVE-2021-31858", "reference_type": "", "scores": [], "url": "https://labs.integrity.pt/advisories/cve-2021-31858/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-31858", "reference_id": "CVE-2021-31858", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-31858" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/400849?format=api", "purl": "pkg:nuget/DotNetNuke.Core@9.13.0-ci0000", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2d1y-21mg-9kdx" }, { "vulnerability": "VCID-4wd1-t7cm-9yd2" }, { "vulnerability": "VCID-6227-44sm-nkbb" }, { "vulnerability": "VCID-as6z-jr8m-6kbm" }, { "vulnerability": "VCID-axxm-bb71-33dj" }, { "vulnerability": "VCID-c87b-2p6c-xqh8" }, { "vulnerability": "VCID-epah-7729-rqba" }, { "vulnerability": "VCID-f55k-m678-vbfr" }, { "vulnerability": "VCID-fyxq-vtfm-s3ec" }, { "vulnerability": "VCID-k89y-aedv-uugd" }, { "vulnerability": "VCID-kwns-m3j3-8kb7" }, { "vulnerability": "VCID-q3he-ta5n-hkec" }, { "vulnerability": "VCID-q7dx-jb8e-wua4" }, { "vulnerability": "VCID-smd5-xy65-jufc" }, { "vulnerability": "VCID-trdq-rcjg-s7gy" }, { "vulnerability": "VCID-wau9-knn5-vqbp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.13.0-ci0000" } ], "aliases": [ "CVE-2021-31858" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tfyx-ssz9-1qah" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101151?format=api", "vulnerability_id": "VCID-trdq-rcjg-s7gy", "summary": "DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.1.0, arbitrary themes can be loaded through query parameters. If an installed theme had a vulnerability, even if it was not used on any page, this could be loaded on unsuspecting clients without knowledge of the site owner. This issue has been patched in version 10.1.0.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-59535", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00126", "scoring_system": "epss", "scoring_elements": "0.31369", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00126", "scoring_system": "epss", "scoring_elements": "0.31561", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-59535" }, { "reference_url": "https://dnncommunity.org/?SkinSrc=%5BG%5Dskins%2Fxcillion%2Fhome&ContainerSrc=%5BG%5DContainers%2FXcillion%2FNoTitle", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://dnncommunity.org/?SkinSrc=%5BG%5Dskins%2Fxcillion%2Fhome&ContainerSrc=%5BG%5DContainers%2FXcillion%2FNoTitle" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59535", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59535" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform/commit/72f30f69fd2214d77f6c2577dfcca495a24caf5c", "reference_id": "72f30f69fd2214d77f6c2577dfcca495a24caf5c", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-23T20:08:12Z/" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform/commit/72f30f69fd2214d77f6c2577dfcca495a24caf5c" }, { "reference_url": "https://github.com/advisories/GHSA-wq2j-w9pm-7x2p", "reference_id": "GHSA-wq2j-w9pm-7x2p", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-wq2j-w9pm-7x2p" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-wq2j-w9pm-7x2p", "reference_id": "GHSA-wq2j-w9pm-7x2p", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-23T20:08:12Z/" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-wq2j-w9pm-7x2p" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform/blob/develop/DNN%20Platform/Library/UI/Skins/Skin.cs#L305", "reference_id": "Skin.cs#L305", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-23T20:08:12Z/" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform/blob/develop/DNN%20Platform/Library/UI/Skins/Skin.cs#L305" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/376615?format=api", "purl": "pkg:nuget/DotNetNuke.Core@10.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6227-44sm-nkbb" }, { "vulnerability": "VCID-axxm-bb71-33dj" }, { "vulnerability": "VCID-fyxq-vtfm-s3ec" }, { "vulnerability": "VCID-k89y-aedv-uugd" }, { "vulnerability": "VCID-kwns-m3j3-8kb7" }, { "vulnerability": "VCID-q7dx-jb8e-wua4" }, { "vulnerability": "VCID-smd5-xy65-jufc" }, { "vulnerability": "VCID-wau9-knn5-vqbp" }, { "vulnerability": "VCID-z9tg-26ja-c7hw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@10.1.0" } ], "aliases": [ "CVE-2025-59535", "GHSA-wq2j-w9pm-7x2p" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-trdq-rcjg-s7gy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/329524?format=api", "vulnerability_id": "VCID-w7dd-uzf2-d7au", "summary": "", "references": [ { "reference_url": "http://packetstormsecurity.com/files/156489/DotNetNuke-CMS-9.4.4-Zip-Directory-Traversal.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://packetstormsecurity.com/files/156489/DotNetNuke-CMS-9.4.4-Zip-Directory-Traversal.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-5187", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00709", "scoring_system": "epss", "scoring_elements": "0.72682", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00709", "scoring_system": "epss", "scoring_elements": "0.72758", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-5187" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-5187", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-5187" }, { "reference_url": "https://github.com/advisories/GHSA-4qf5-7xc2-wqpg", "reference_id": "GHSA-4qf5-7xc2-wqpg", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4qf5-7xc2-wqpg" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/385270?format=api", "purl": "pkg:nuget/DotNetNuke.Core@9.5.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2d1y-21mg-9kdx" }, { "vulnerability": "VCID-4wd1-t7cm-9yd2" }, { "vulnerability": "VCID-6227-44sm-nkbb" }, { "vulnerability": "VCID-76dr-n4fx-nud6" }, { "vulnerability": "VCID-as6z-jr8m-6kbm" }, { "vulnerability": "VCID-axxm-bb71-33dj" }, { "vulnerability": "VCID-c87b-2p6c-xqh8" }, { "vulnerability": "VCID-eaz6-q3m7-4bep" }, { "vulnerability": "VCID-epah-7729-rqba" }, { "vulnerability": "VCID-f55k-m678-vbfr" }, { "vulnerability": "VCID-fyxq-vtfm-s3ec" }, { "vulnerability": "VCID-gkac-w1q4-wfgw" }, { "vulnerability": "VCID-k89y-aedv-uugd" }, { "vulnerability": "VCID-kwns-m3j3-8kb7" }, { "vulnerability": "VCID-q3he-ta5n-hkec" }, { "vulnerability": "VCID-q7dx-jb8e-wua4" }, { "vulnerability": "VCID-qcc1-r81m-7ud6" }, { "vulnerability": "VCID-smd5-xy65-jufc" }, { "vulnerability": "VCID-tfyx-ssz9-1qah" }, { "vulnerability": "VCID-trdq-rcjg-s7gy" }, { "vulnerability": "VCID-wau9-knn5-vqbp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.5.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/400849?format=api", "purl": "pkg:nuget/DotNetNuke.Core@9.13.0-ci0000", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2d1y-21mg-9kdx" }, { "vulnerability": "VCID-4wd1-t7cm-9yd2" }, { "vulnerability": "VCID-6227-44sm-nkbb" }, { "vulnerability": "VCID-as6z-jr8m-6kbm" }, { "vulnerability": "VCID-axxm-bb71-33dj" }, { "vulnerability": "VCID-c87b-2p6c-xqh8" }, { "vulnerability": "VCID-epah-7729-rqba" }, { "vulnerability": "VCID-f55k-m678-vbfr" }, { "vulnerability": "VCID-fyxq-vtfm-s3ec" }, { "vulnerability": "VCID-k89y-aedv-uugd" }, { "vulnerability": "VCID-kwns-m3j3-8kb7" }, { "vulnerability": "VCID-q3he-ta5n-hkec" }, { "vulnerability": "VCID-q7dx-jb8e-wua4" }, { "vulnerability": "VCID-smd5-xy65-jufc" }, { "vulnerability": "VCID-trdq-rcjg-s7gy" }, { "vulnerability": "VCID-wau9-knn5-vqbp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.13.0-ci0000" } ], "aliases": [ "CVE-2020-5187", "GHSA-4qf5-7xc2-wqpg" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-w7dd-uzf2-d7au" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/82956?format=api", "vulnerability_id": "VCID-wau9-knn5-vqbp", "summary": "DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Starting in version 9.0.0 and prior to versions 9.13.10 and 10.2.0, a content editor could inject scripts in module headers/footers that would run for other users. Versions 9.13.10 and 10.2.0 contain a fix for the issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-24784", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17344", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.1718", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-24784" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24784", "reference_id": "CVE-2026-24784", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24784" }, { "reference_url": "https://github.com/advisories/GHSA-jjwg-4948-6wxp", "reference_id": "GHSA-jjwg-4948-6wxp", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jjwg-4948-6wxp" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-jjwg-4948-6wxp", "reference_id": "GHSA-jjwg-4948-6wxp", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-28T15:06:32Z/" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-jjwg-4948-6wxp" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/38322?format=api", "purl": "pkg:nuget/DotNetNuke.Core@9.13.10", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.13.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/38325?format=api", "purl": "pkg:nuget/DotNetNuke.Core@10.2.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-axxm-bb71-33dj" }, { "vulnerability": "VCID-kwns-m3j3-8kb7" }, { "vulnerability": "VCID-q7dx-jb8e-wua4" }, { "vulnerability": "VCID-z9tg-26ja-c7hw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@10.2.0" } ], "aliases": [ "CVE-2026-24784", "GHSA-jjwg-4948-6wxp" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wau9-knn5-vqbp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/204257?format=api", "vulnerability_id": "VCID-z31q-4wvb-gfhp", "summary": "Stored Cross-Site Scripting vulnerability in admin component of DotNetNuke", "references": [ { "reference_url": "http://packetstormsecurity.com/files/154673/DotNetNuke-Cross-Site-Scripting.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://packetstormsecurity.com/files/154673/DotNetNuke-Cross-Site-Scripting.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12562", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.38668", "scoring_system": "epss", "scoring_elements": "0.9735", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.38668", "scoring_system": "epss", "scoring_elements": "0.97358", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12562" }, { "reference_url": "https://mayaseven.com/cve-2019-12562-stored-cross-site-scripting-in-dotnetnuke-dnn-version-v9-3-2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://mayaseven.com/cve-2019-12562-stored-cross-site-scripting-in-dotnetnuke-dnn-version-v9-3-2" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/47448.py", "reference_id": "CVE-2019-12562", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/47448.py" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12562", "reference_id": "CVE-2019-12562", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12562" }, { "reference_url": "https://mayaseven.com/cve-2019-12562-stored-cross-site-scripting-in-dotnetnuke-dnn-version-v9-3-2/", "reference_id": "CVE-2019-12562-STORED-CROSS-SITE-SCRIPTING-IN-DOTNETNUKE-DNN-VERSION-V9-3-2", "reference_type": "", "scores": [], "url": "https://mayaseven.com/cve-2019-12562-stored-cross-site-scripting-in-dotnetnuke-dnn-version-v9-3-2/" }, { "reference_url": "https://github.com/advisories/GHSA-5whq-j5qg-wjvp", "reference_id": "GHSA-5whq-j5qg-wjvp", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5whq-j5qg-wjvp" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/15775?format=api", "purl": "pkg:nuget/DotNetNuke.Core@9.4.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2d1y-21mg-9kdx" }, { "vulnerability": "VCID-4wd1-t7cm-9yd2" }, { "vulnerability": "VCID-6227-44sm-nkbb" }, { "vulnerability": "VCID-76dr-n4fx-nud6" }, { "vulnerability": "VCID-as6z-jr8m-6kbm" }, { "vulnerability": "VCID-axxm-bb71-33dj" }, { "vulnerability": "VCID-c87b-2p6c-xqh8" }, { "vulnerability": "VCID-eaz6-q3m7-4bep" }, { "vulnerability": "VCID-epah-7729-rqba" }, { "vulnerability": "VCID-f55k-m678-vbfr" }, { "vulnerability": "VCID-fyxq-vtfm-s3ec" }, { "vulnerability": "VCID-gkac-w1q4-wfgw" }, { "vulnerability": "VCID-hdzp-q5cp-uuf5" }, { "vulnerability": "VCID-k89y-aedv-uugd" }, { "vulnerability": "VCID-kwns-m3j3-8kb7" }, { "vulnerability": "VCID-q3he-ta5n-hkec" }, { "vulnerability": "VCID-q7dx-jb8e-wua4" }, { "vulnerability": "VCID-smd5-xy65-jufc" }, { "vulnerability": "VCID-tc3h-gp3h-euf9" }, { "vulnerability": "VCID-tfyx-ssz9-1qah" }, { "vulnerability": "VCID-trdq-rcjg-s7gy" }, { "vulnerability": "VCID-w7dd-uzf2-d7au" }, { "vulnerability": "VCID-wau9-knn5-vqbp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.4.0" } ], "aliases": [ "CVE-2019-12562", "GHSA-5whq-j5qg-wjvp" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-z31q-4wvb-gfhp" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/159411?format=api", "vulnerability_id": "VCID-5kvr-gpby-wygq", "summary": "DNN (aka DotNetNuke) 9.2 through 9.2.1 uses a weak encryption algorithm to protect input parameters.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-15811", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.92962", "scoring_system": "epss", "scoring_elements": "0.99786", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-15811" }, { "reference_url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-15811", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-15811" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-15811", "reference_id": "CVE-2018-15811", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-15811" }, { "reference_url": "http://packetstormsecurity.com/files/157080/DotNetNuke-Cookie-Deserialization-Remote-Code-Execution.html", "reference_id": "DotNetNuke-Cookie-Deserialization-Remote-Code-Execution.html", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-04T20:15:46Z/" } ], "url": "http://packetstormsecurity.com/files/157080/DotNetNuke-Cookie-Deserialization-Remote-Code-Execution.html" }, { "reference_url": "https://github.com/advisories/GHSA-h595-8pw6-5q6v", "reference_id": "GHSA-h595-8pw6-5q6v", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-h595-8pw6-5q6v" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform/releases", "reference_id": "releases", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-04T20:15:46Z/" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform/releases" }, { "reference_url": "https://www.dnnsoftware.com/community/security/security-center", "reference_id": "security-center", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-04T20:15:46Z/" } ], "url": "https://www.dnnsoftware.com/community/security/security-center" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/15433?format=api", "purl": "pkg:nuget/DotNetNuke.Core@9.2.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-w8mm-p8mb-sqbg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.2.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/15432?format=api", "purl": "pkg:nuget/DotNetNuke.Core@9.3.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2d1y-21mg-9kdx" }, { "vulnerability": "VCID-4wd1-t7cm-9yd2" }, { "vulnerability": "VCID-6227-44sm-nkbb" }, { "vulnerability": "VCID-76dr-n4fx-nud6" }, { "vulnerability": "VCID-as6z-jr8m-6kbm" }, { "vulnerability": "VCID-axxm-bb71-33dj" }, { "vulnerability": "VCID-c87b-2p6c-xqh8" }, { "vulnerability": "VCID-eaz6-q3m7-4bep" }, { "vulnerability": "VCID-epah-7729-rqba" }, { "vulnerability": "VCID-f55k-m678-vbfr" }, { "vulnerability": "VCID-fyxq-vtfm-s3ec" }, { "vulnerability": "VCID-gkac-w1q4-wfgw" }, { "vulnerability": "VCID-hdzp-q5cp-uuf5" }, { "vulnerability": "VCID-k89y-aedv-uugd" }, { "vulnerability": "VCID-kwns-m3j3-8kb7" }, { "vulnerability": "VCID-q3he-ta5n-hkec" }, { "vulnerability": "VCID-q7dx-jb8e-wua4" }, { "vulnerability": "VCID-smd5-xy65-jufc" }, { "vulnerability": "VCID-tc3h-gp3h-euf9" }, { "vulnerability": "VCID-tfyx-ssz9-1qah" }, { "vulnerability": "VCID-trdq-rcjg-s7gy" }, { "vulnerability": "VCID-w7dd-uzf2-d7au" }, { "vulnerability": "VCID-wau9-knn5-vqbp" }, { "vulnerability": "VCID-z31q-4wvb-gfhp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.3.0" } ], "aliases": [ "CVE-2018-15811", "GHSA-h595-8pw6-5q6v" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5kvr-gpby-wygq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/203864?format=api", "vulnerability_id": "VCID-g68k-ds4r-77b1", "summary": "Insufficient Entropy in DotNetNuke", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-15812", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.79178", "scoring_system": "epss", "scoring_elements": "0.9909", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.79178", "scoring_system": "epss", "scoring_elements": "0.99094", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-15812" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-15812", "reference_id": "CVE-2018-15812", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-15812" }, { "reference_url": "https://github.com/advisories/GHSA-pf46-gqg9-j3v3", "reference_id": "GHSA-pf46-gqg9-j3v3", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-pf46-gqg9-j3v3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/444452?format=api", "purl": "pkg:nuget/DotNetNuke.Core@9.2.1.533", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2d1y-21mg-9kdx" }, { "vulnerability": "VCID-4wd1-t7cm-9yd2" }, { "vulnerability": "VCID-5kvr-gpby-wygq" }, { "vulnerability": "VCID-6227-44sm-nkbb" }, { "vulnerability": "VCID-76dr-n4fx-nud6" }, { "vulnerability": "VCID-as6z-jr8m-6kbm" }, { "vulnerability": "VCID-axxm-bb71-33dj" }, { "vulnerability": "VCID-c87b-2p6c-xqh8" }, { "vulnerability": "VCID-eaz6-q3m7-4bep" }, { "vulnerability": "VCID-epah-7729-rqba" }, { "vulnerability": "VCID-f55k-m678-vbfr" }, { "vulnerability": "VCID-fyxq-vtfm-s3ec" }, { "vulnerability": "VCID-gkac-w1q4-wfgw" }, { "vulnerability": "VCID-hdzp-q5cp-uuf5" }, { "vulnerability": "VCID-k89y-aedv-uugd" }, { "vulnerability": "VCID-kwns-m3j3-8kb7" }, { "vulnerability": "VCID-q3he-ta5n-hkec" }, { "vulnerability": "VCID-q7dx-jb8e-wua4" }, { "vulnerability": "VCID-smd5-xy65-jufc" }, { "vulnerability": "VCID-tc3h-gp3h-euf9" }, { "vulnerability": "VCID-tfyx-ssz9-1qah" }, { "vulnerability": "VCID-trdq-rcjg-s7gy" }, { "vulnerability": "VCID-w7dd-uzf2-d7au" }, { "vulnerability": "VCID-w8mm-p8mb-sqbg" }, { "vulnerability": "VCID-wau9-knn5-vqbp" }, { "vulnerability": "VCID-xmh6-rwbu-c3bb" }, { "vulnerability": "VCID-z31q-4wvb-gfhp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.2.1.533" }, { "url": "http://public2.vulnerablecode.io/api/packages/15433?format=api", "purl": "pkg:nuget/DotNetNuke.Core@9.2.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-w8mm-p8mb-sqbg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.2.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/15432?format=api", "purl": "pkg:nuget/DotNetNuke.Core@9.3.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2d1y-21mg-9kdx" }, { "vulnerability": "VCID-4wd1-t7cm-9yd2" }, { "vulnerability": "VCID-6227-44sm-nkbb" }, { "vulnerability": "VCID-76dr-n4fx-nud6" }, { "vulnerability": "VCID-as6z-jr8m-6kbm" }, { "vulnerability": "VCID-axxm-bb71-33dj" }, { "vulnerability": "VCID-c87b-2p6c-xqh8" }, { "vulnerability": "VCID-eaz6-q3m7-4bep" }, { "vulnerability": "VCID-epah-7729-rqba" }, { "vulnerability": "VCID-f55k-m678-vbfr" }, { "vulnerability": "VCID-fyxq-vtfm-s3ec" }, { "vulnerability": "VCID-gkac-w1q4-wfgw" }, { "vulnerability": "VCID-hdzp-q5cp-uuf5" }, { "vulnerability": "VCID-k89y-aedv-uugd" }, { "vulnerability": "VCID-kwns-m3j3-8kb7" }, { "vulnerability": "VCID-q3he-ta5n-hkec" }, { "vulnerability": "VCID-q7dx-jb8e-wua4" }, { "vulnerability": "VCID-smd5-xy65-jufc" }, { "vulnerability": "VCID-tc3h-gp3h-euf9" }, { "vulnerability": "VCID-tfyx-ssz9-1qah" }, { "vulnerability": "VCID-trdq-rcjg-s7gy" }, { "vulnerability": "VCID-w7dd-uzf2-d7au" }, { "vulnerability": "VCID-wau9-knn5-vqbp" }, { "vulnerability": "VCID-z31q-4wvb-gfhp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.3.0" } ], "aliases": [ "CVE-2018-15812", "GHSA-pf46-gqg9-j3v3" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g68k-ds4r-77b1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/203861?format=api", "vulnerability_id": "VCID-w8mm-p8mb-sqbg", "summary": "Insufficient Entropy in DotNetNuke", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-18326", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.75829", "scoring_system": "epss", "scoring_elements": "0.9893", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.75829", "scoring_system": "epss", "scoring_elements": "0.98934", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-18326" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-18326", "reference_id": "CVE-2018-18326", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-18326" }, { "reference_url": "https://github.com/advisories/GHSA-xx3h-j3cx-8qfj", "reference_id": "GHSA-xx3h-j3cx-8qfj", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xx3h-j3cx-8qfj" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/15432?format=api", "purl": "pkg:nuget/DotNetNuke.Core@9.3.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2d1y-21mg-9kdx" }, { "vulnerability": "VCID-4wd1-t7cm-9yd2" }, { "vulnerability": "VCID-6227-44sm-nkbb" }, { "vulnerability": "VCID-76dr-n4fx-nud6" }, { "vulnerability": "VCID-as6z-jr8m-6kbm" }, { "vulnerability": "VCID-axxm-bb71-33dj" }, { "vulnerability": "VCID-c87b-2p6c-xqh8" }, { "vulnerability": "VCID-eaz6-q3m7-4bep" }, { "vulnerability": "VCID-epah-7729-rqba" }, { "vulnerability": "VCID-f55k-m678-vbfr" }, { "vulnerability": "VCID-fyxq-vtfm-s3ec" }, { "vulnerability": "VCID-gkac-w1q4-wfgw" }, { "vulnerability": "VCID-hdzp-q5cp-uuf5" }, { "vulnerability": "VCID-k89y-aedv-uugd" }, { "vulnerability": "VCID-kwns-m3j3-8kb7" }, { "vulnerability": "VCID-q3he-ta5n-hkec" }, { "vulnerability": "VCID-q7dx-jb8e-wua4" }, { "vulnerability": "VCID-smd5-xy65-jufc" }, { "vulnerability": "VCID-tc3h-gp3h-euf9" }, { "vulnerability": "VCID-tfyx-ssz9-1qah" }, { "vulnerability": "VCID-trdq-rcjg-s7gy" }, { "vulnerability": "VCID-w7dd-uzf2-d7au" }, { "vulnerability": "VCID-wau9-knn5-vqbp" }, { "vulnerability": "VCID-z31q-4wvb-gfhp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.3.0" } ], "aliases": [ "CVE-2018-18326", "GHSA-xx3h-j3cx-8qfj" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-w8mm-p8mb-sqbg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/159564?format=api", "vulnerability_id": "VCID-xmh6-rwbu-c3bb", "summary": "DNN (aka DotNetNuke) 9.2 through 9.2.2 uses a weak encryption algorithm to protect input parameters. NOTE: this issue exists because of an incomplete fix for CVE-2018-15811.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-18325", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.92916", "scoring_system": "epss", "scoring_elements": "0.99783", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-18325" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform" }, { "reference_url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-18325", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-18325" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-18325", "reference_id": "CVE-2018-18325", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-18325" }, { "reference_url": "http://packetstormsecurity.com/files/157080/DotNetNuke-Cookie-Deserialization-Remote-Code-Execution.html", "reference_id": "DotNetNuke-Cookie-Deserialization-Remote-Code-Execution.html", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-04T20:15:01Z/" } ], "url": "http://packetstormsecurity.com/files/157080/DotNetNuke-Cookie-Deserialization-Remote-Code-Execution.html" }, { "reference_url": "https://github.com/advisories/GHSA-j3g9-6fx5-gjv7", "reference_id": "GHSA-j3g9-6fx5-gjv7", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-j3g9-6fx5-gjv7" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform/releases", "reference_id": "releases", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-04T20:15:01Z/" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform/releases" }, { "reference_url": "https://www.dnnsoftware.com/community/security/security-center", "reference_id": "security-center", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-04T20:15:01Z/" } ], "url": "https://www.dnnsoftware.com/community/security/security-center" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/15432?format=api", "purl": "pkg:nuget/DotNetNuke.Core@9.3.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2d1y-21mg-9kdx" }, { "vulnerability": "VCID-4wd1-t7cm-9yd2" }, { "vulnerability": "VCID-6227-44sm-nkbb" }, { "vulnerability": "VCID-76dr-n4fx-nud6" }, { "vulnerability": "VCID-as6z-jr8m-6kbm" }, { "vulnerability": "VCID-axxm-bb71-33dj" }, { "vulnerability": "VCID-c87b-2p6c-xqh8" }, { "vulnerability": "VCID-eaz6-q3m7-4bep" }, { "vulnerability": "VCID-epah-7729-rqba" }, { "vulnerability": "VCID-f55k-m678-vbfr" }, { "vulnerability": "VCID-fyxq-vtfm-s3ec" }, { "vulnerability": "VCID-gkac-w1q4-wfgw" }, { "vulnerability": "VCID-hdzp-q5cp-uuf5" }, { "vulnerability": "VCID-k89y-aedv-uugd" }, { "vulnerability": "VCID-kwns-m3j3-8kb7" }, { "vulnerability": "VCID-q3he-ta5n-hkec" }, { "vulnerability": "VCID-q7dx-jb8e-wua4" }, { "vulnerability": "VCID-smd5-xy65-jufc" }, { "vulnerability": "VCID-tc3h-gp3h-euf9" }, { "vulnerability": "VCID-tfyx-ssz9-1qah" }, { "vulnerability": "VCID-trdq-rcjg-s7gy" }, { "vulnerability": "VCID-w7dd-uzf2-d7au" }, { "vulnerability": "VCID-wau9-knn5-vqbp" }, { "vulnerability": "VCID-z31q-4wvb-gfhp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.3.0" } ], "aliases": [ "CVE-2018-18325", "GHSA-j3g9-6fx5-gjv7" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xmh6-rwbu-c3bb" } ], "risk_score": "10.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.3.0" }