Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/387802?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/387802?format=api", "purl": "pkg:nuget/DotNetNuke.Core@6.0.0", "type": "nuget", "namespace": "", "name": "DotNetNuke.Core", "version": "6.0.0", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "10.2.2", "latest_non_vulnerable_version": "10.2.2", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101125?format=api", "vulnerability_id": "VCID-2d1y-21mg-9kdx", "summary": "DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.1.0, administrators and content editors can set html in module titles that could include javascript which could be used for XSS based attacks. This issue has been patched in version 10.1.0.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-59546", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11824", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11765", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11848", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11849", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-59546" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59546", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59546" }, { "reference_url": "https://github.com/advisories/GHSA-gj8m-5492-q98h", "reference_id": "GHSA-gj8m-5492-q98h", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-gj8m-5492-q98h" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-gj8m-5492-q98h", "reference_id": "GHSA-gj8m-5492-q98h", "reference_type": "", "scores": [ { "value": "2.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-23T18:30:03Z/" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-gj8m-5492-q98h" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/376615?format=api", "purl": "pkg:nuget/DotNetNuke.Core@10.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6227-44sm-nkbb" }, { "vulnerability": "VCID-axxm-bb71-33dj" }, { "vulnerability": "VCID-fyxq-vtfm-s3ec" }, { "vulnerability": "VCID-k89y-aedv-uugd" }, { "vulnerability": "VCID-kwns-m3j3-8kb7" }, { "vulnerability": "VCID-q7dx-jb8e-wua4" }, { "vulnerability": "VCID-smd5-xy65-jufc" }, { "vulnerability": "VCID-wau9-knn5-vqbp" }, { "vulnerability": "VCID-z9tg-26ja-c7hw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@10.1.0" } ], "aliases": [ "CVE-2025-59546", "GHSA-gj8m-5492-q98h" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2d1y-21mg-9kdx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/270210?format=api", "vulnerability_id": "VCID-2wya-nj46-dff2", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-7335", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.5113", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.51261", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.51275", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.51263", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-7335" }, { "reference_url": "http://secunia.com/advisories/53493", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/53493" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-7335", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-7335" }, { "reference_url": "http://www.dnnsoftware.com/platform/manage/security-center", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.dnnsoftware.com/platform/manage/security-center" }, { "reference_url": "http://www.securityfocus.com/bid/61809", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/61809" }, { "reference_url": "https://github.com/advisories/GHSA-mj48-f959-pqph", "reference_id": "GHSA-mj48-f959-pqph", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-mj48-f959-pqph" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/384695?format=api", "purl": "pkg:nuget/DotNetNuke.Core@6.2.9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@6.2.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/384696?format=api", "purl": "pkg:nuget/DotNetNuke.Core@7.1.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@7.1.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/388108?format=api", "purl": "pkg:nuget/DotNetNuke.Core@7.2.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@7.2.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/400849?format=api", "purl": "pkg:nuget/DotNetNuke.Core@9.13.0-ci0000", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2d1y-21mg-9kdx" }, { "vulnerability": "VCID-4wd1-t7cm-9yd2" }, { "vulnerability": "VCID-6227-44sm-nkbb" }, { "vulnerability": "VCID-as6z-jr8m-6kbm" }, { "vulnerability": "VCID-axxm-bb71-33dj" }, { "vulnerability": "VCID-c87b-2p6c-xqh8" }, { "vulnerability": "VCID-epah-7729-rqba" }, { "vulnerability": "VCID-f55k-m678-vbfr" }, { "vulnerability": "VCID-fyxq-vtfm-s3ec" }, { "vulnerability": "VCID-k89y-aedv-uugd" }, { "vulnerability": "VCID-kwns-m3j3-8kb7" }, { "vulnerability": "VCID-q3he-ta5n-hkec" }, { "vulnerability": "VCID-q7dx-jb8e-wua4" }, { "vulnerability": "VCID-smd5-xy65-jufc" }, { "vulnerability": "VCID-trdq-rcjg-s7gy" }, { "vulnerability": "VCID-wau9-knn5-vqbp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.13.0-ci0000" } ], "aliases": [ "CVE-2013-7335", "GHSA-mj48-f959-pqph" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2wya-nj46-dff2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/117967?format=api", "vulnerability_id": "VCID-4wd1-t7cm-9yd2", "summary": "DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 9.13.9, uploaded SVG files could contain scripts and if rendered inline those scripts could run allowing XSS attacks. Version 9.13.9 fixes the issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-48378", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17809", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17817", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17834", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17657", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-48378" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48378", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48378" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform/commit/cfed83c291d5e5072b2fa70924a8b7c35b1cdf9e", "reference_id": "cfed83c291d5e5072b2fa70924a8b7c35b1cdf9e", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-23T16:00:53Z/" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform/commit/cfed83c291d5e5072b2fa70924a8b7c35b1cdf9e" }, { "reference_url": "https://github.com/advisories/GHSA-m4hf-fxcg-cp34", "reference_id": "GHSA-m4hf-fxcg-cp34", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-m4hf-fxcg-cp34" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-m4hf-fxcg-cp34", "reference_id": "GHSA-m4hf-fxcg-cp34", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "6.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-23T16:00:53Z/" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-m4hf-fxcg-cp34" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/38328?format=api", "purl": "pkg:nuget/DotNetNuke.Core@9.13.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2d1y-21mg-9kdx" }, { "vulnerability": "VCID-6227-44sm-nkbb" }, { "vulnerability": "VCID-as6z-jr8m-6kbm" }, { "vulnerability": "VCID-axxm-bb71-33dj" }, { "vulnerability": "VCID-c87b-2p6c-xqh8" }, { "vulnerability": "VCID-epah-7729-rqba" }, { "vulnerability": "VCID-fyxq-vtfm-s3ec" }, { "vulnerability": "VCID-k89y-aedv-uugd" }, { "vulnerability": "VCID-kwns-m3j3-8kb7" }, { "vulnerability": "VCID-q7dx-jb8e-wua4" }, { "vulnerability": "VCID-smd5-xy65-jufc" }, { "vulnerability": "VCID-trdq-rcjg-s7gy" }, { "vulnerability": "VCID-wau9-knn5-vqbp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.13.9" } ], "aliases": [ "CVE-2025-48378", "GHSA-m4hf-fxcg-cp34" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4wd1-t7cm-9yd2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/201686?format=api", "vulnerability_id": "VCID-5eqv-4vr8-9ug1", "summary": "The installation wizard in DotNetNuke (DNN) allows privilege escalation", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-2794", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.927", "scoring_system": "epss", "scoring_elements": "0.99764", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.927", "scoring_system": "epss", "scoring_elements": "0.99765", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-2794" }, { "reference_url": "https://dotnetnuke.codeplex.com/releases/view/615317", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://dotnetnuke.codeplex.com/releases/view/615317" }, { "reference_url": "https://www.exploit-db.com/exploits/39777", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.exploit-db.com/exploits/39777" }, { "reference_url": "https://www.exploit-db.com/exploits/39777/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.exploit-db.com/exploits/39777/" }, { "reference_url": "http://www.dnnsoftware.com/community-blog/cid/155198/workaround-for-potential-security-issue", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.dnnsoftware.com/community-blog/cid/155198/workaround-for-potential-security-issue" }, { "reference_url": "http://www.securityfocus.com/bid/96373", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/96373" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/asp/webapps/39777.txt", "reference_id": "CVE-2015-2794", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/asp/webapps/39777.txt" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2794", "reference_id": "CVE-2015-2794", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2794" }, { "reference_url": "https://github.com/advisories/GHSA-x8f7-h444-97w4", "reference_id": "GHSA-x8f7-h444-97w4", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-x8f7-h444-97w4" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/388334?format=api", "purl": "pkg:nuget/DotNetNuke.Core@7.4.0.353", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2d1y-21mg-9kdx" }, { "vulnerability": "VCID-4wd1-t7cm-9yd2" }, { "vulnerability": "VCID-76dr-n4fx-nud6" }, { "vulnerability": "VCID-8vft-tfmv-5qfr" }, { "vulnerability": "VCID-as6z-jr8m-6kbm" }, { "vulnerability": "VCID-axxm-bb71-33dj" }, { "vulnerability": "VCID-c87b-2p6c-xqh8" }, { "vulnerability": "VCID-eaz6-q3m7-4bep" }, { "vulnerability": "VCID-epah-7729-rqba" }, { "vulnerability": "VCID-f55k-m678-vbfr" }, { "vulnerability": "VCID-fyxq-vtfm-s3ec" }, { "vulnerability": "VCID-gkac-w1q4-wfgw" }, { "vulnerability": "VCID-hdzp-q5cp-uuf5" }, { "vulnerability": "VCID-j6vd-2rnp-n7e5" }, { "vulnerability": "VCID-kwns-m3j3-8kb7" }, { "vulnerability": "VCID-q3he-ta5n-hkec" }, { "vulnerability": "VCID-q3w4-ejd5-pqfz" }, { "vulnerability": "VCID-q7dx-jb8e-wua4" }, { "vulnerability": "VCID-smd5-xy65-jufc" }, { "vulnerability": "VCID-tc3h-gp3h-euf9" }, { "vulnerability": "VCID-tfyx-ssz9-1qah" }, { "vulnerability": "VCID-trdq-rcjg-s7gy" }, { "vulnerability": "VCID-w7dd-uzf2-d7au" }, { "vulnerability": "VCID-xmh6-rwbu-c3bb" }, { "vulnerability": "VCID-z31q-4wvb-gfhp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@7.4.0.353" }, { "url": "http://public2.vulnerablecode.io/api/packages/13806?format=api", "purl": "pkg:nuget/DotNetNuke.Core@7.4.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@7.4.1" } ], "aliases": [ "CVE-2015-2794", "GHSA-x8f7-h444-97w4" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5eqv-4vr8-9ug1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/343448?format=api", "vulnerability_id": "VCID-76dr-n4fx-nud6", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-40186", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00311", "scoring_system": "epss", "scoring_elements": "0.54749", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00311", "scoring_system": "epss", "scoring_elements": "0.54872", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00311", "scoring_system": "epss", "scoring_elements": "0.54889", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00311", "scoring_system": "epss", "scoring_elements": "0.54873", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-40186" }, { "reference_url": "https://appcheck-ng.com/dnn-cms-server-side-request-forgery-cve-2021-40186", "reference_id": "", "reference_type": "", "scores": [], "url": "https://appcheck-ng.com/dnn-cms-server-side-request-forgery-cve-2021-40186" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-40186", "reference_id": "CVE-2021-40186", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-40186" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/400849?format=api", "purl": "pkg:nuget/DotNetNuke.Core@9.13.0-ci0000", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2d1y-21mg-9kdx" }, { "vulnerability": "VCID-4wd1-t7cm-9yd2" }, { "vulnerability": "VCID-6227-44sm-nkbb" }, { "vulnerability": "VCID-as6z-jr8m-6kbm" }, { "vulnerability": "VCID-axxm-bb71-33dj" }, { "vulnerability": "VCID-c87b-2p6c-xqh8" }, { "vulnerability": "VCID-epah-7729-rqba" }, { "vulnerability": "VCID-f55k-m678-vbfr" }, { "vulnerability": "VCID-fyxq-vtfm-s3ec" }, { "vulnerability": "VCID-k89y-aedv-uugd" }, { "vulnerability": "VCID-kwns-m3j3-8kb7" }, { "vulnerability": "VCID-q3he-ta5n-hkec" }, { "vulnerability": "VCID-q7dx-jb8e-wua4" }, { "vulnerability": "VCID-smd5-xy65-jufc" }, { "vulnerability": "VCID-trdq-rcjg-s7gy" }, { "vulnerability": "VCID-wau9-knn5-vqbp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.13.0-ci0000" } ], "aliases": [ "CVE-2021-40186" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-76dr-n4fx-nud6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/201624?format=api", "vulnerability_id": "VCID-8vft-tfmv-5qfr", "summary": "High severity vulnerability that affects DotNetNuke.Core", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-0929", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.92183", "scoring_system": "epss", "scoring_elements": "0.99728", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.92183", "scoring_system": "epss", "scoring_elements": "0.99729", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.92183", "scoring_system": "epss", "scoring_elements": "0.9973", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-0929" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform/commit/d3953db85fee77bb5e6383747692c507ef8b94c3", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform/commit/d3953db85fee77bb5e6383747692c507ef8b94c3" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-0929", "reference_id": "CVE-2017-0929", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-0929" }, { "reference_url": "https://github.com/advisories/GHSA-g8j6-m4p7-5rfq", "reference_id": "GHSA-g8j6-m4p7-5rfq", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-g8j6-m4p7-5rfq" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/13751?format=api", "purl": "pkg:nuget/DotNetNuke.Core@9.2.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5kvr-gpby-wygq" }, { "vulnerability": "VCID-g68k-ds4r-77b1" }, { "vulnerability": "VCID-w8mm-p8mb-sqbg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.2.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/390539?format=api", "purl": "pkg:nuget/DotNetNuke.Core@9.2.0.366", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2d1y-21mg-9kdx" }, { "vulnerability": "VCID-4wd1-t7cm-9yd2" }, { "vulnerability": "VCID-5kvr-gpby-wygq" }, { "vulnerability": "VCID-6227-44sm-nkbb" }, { "vulnerability": "VCID-76dr-n4fx-nud6" }, { "vulnerability": "VCID-as6z-jr8m-6kbm" }, { "vulnerability": "VCID-axxm-bb71-33dj" }, { "vulnerability": "VCID-c87b-2p6c-xqh8" }, { "vulnerability": "VCID-eaz6-q3m7-4bep" }, { "vulnerability": "VCID-epah-7729-rqba" }, { "vulnerability": "VCID-f55k-m678-vbfr" }, { "vulnerability": "VCID-fyxq-vtfm-s3ec" }, { "vulnerability": "VCID-g68k-ds4r-77b1" }, { "vulnerability": "VCID-gkac-w1q4-wfgw" }, { "vulnerability": "VCID-hdzp-q5cp-uuf5" }, { "vulnerability": "VCID-k89y-aedv-uugd" }, { "vulnerability": "VCID-kwns-m3j3-8kb7" }, { "vulnerability": "VCID-q3he-ta5n-hkec" }, { "vulnerability": "VCID-q7dx-jb8e-wua4" }, { "vulnerability": "VCID-smd5-xy65-jufc" }, { "vulnerability": "VCID-tc3h-gp3h-euf9" }, { "vulnerability": "VCID-tfyx-ssz9-1qah" }, { "vulnerability": "VCID-trdq-rcjg-s7gy" }, { "vulnerability": "VCID-w7dd-uzf2-d7au" }, { "vulnerability": "VCID-w8mm-p8mb-sqbg" }, { "vulnerability": "VCID-wau9-knn5-vqbp" }, { "vulnerability": "VCID-xmh6-rwbu-c3bb" }, { "vulnerability": "VCID-z31q-4wvb-gfhp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.2.0.366" } ], "aliases": [ "CVE-2017-0929", "GHSA-g8j6-m4p7-5rfq" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8vft-tfmv-5qfr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/263059?format=api", "vulnerability_id": "VCID-9bhd-qqr2-1yhy", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1030", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00263", "scoring_system": "epss", "scoring_elements": "0.49976", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00263", "scoring_system": "epss", "scoring_elements": "0.5011", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00263", "scoring_system": "epss", "scoring_elements": "0.50129", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00263", "scoring_system": "epss", "scoring_elements": "0.50114", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1030" }, { "reference_url": "http://technet.microsoft.com/en-us/security/msvr/msvr12-003", "reference_id": "", "reference_type": "", "scores": [], "url": "http://technet.microsoft.com/en-us/security/msvr/msvr12-003" }, { "reference_url": "http://www.dotnetnuke.com/News/Security-Policy/Security-bulletin-no.62.aspx", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.dotnetnuke.com/News/Security-Policy/Security-bulletin-no.62.aspx" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-1030", "reference_id": "CVE-2012-1030", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-1030" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/387826?format=api", "purl": "pkg:nuget/DotNetNuke.Core@7.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2d1y-21mg-9kdx" }, { "vulnerability": "VCID-2wya-nj46-dff2" }, { "vulnerability": "VCID-4wd1-t7cm-9yd2" }, { "vulnerability": "VCID-5eqv-4vr8-9ug1" }, { "vulnerability": "VCID-76dr-n4fx-nud6" }, { "vulnerability": "VCID-8vft-tfmv-5qfr" }, { "vulnerability": "VCID-as6z-jr8m-6kbm" }, { "vulnerability": "VCID-axxm-bb71-33dj" }, { "vulnerability": "VCID-bmfr-jaur-3kfq" }, { "vulnerability": "VCID-c87b-2p6c-xqh8" }, { "vulnerability": "VCID-eaz6-q3m7-4bep" }, { "vulnerability": "VCID-epah-7729-rqba" }, { "vulnerability": "VCID-f55k-m678-vbfr" }, { "vulnerability": "VCID-fyxq-vtfm-s3ec" }, { "vulnerability": "VCID-gkac-w1q4-wfgw" }, { "vulnerability": "VCID-hdzp-q5cp-uuf5" }, { "vulnerability": "VCID-j6vd-2rnp-n7e5" }, { "vulnerability": "VCID-jcyr-1pnk-e3er" }, { "vulnerability": "VCID-kwns-m3j3-8kb7" }, { "vulnerability": "VCID-q3he-ta5n-hkec" }, { "vulnerability": "VCID-q3w4-ejd5-pqfz" }, { "vulnerability": "VCID-q7dx-jb8e-wua4" }, { "vulnerability": "VCID-qk9a-b246-tfeh" }, { "vulnerability": "VCID-smd5-xy65-jufc" }, { "vulnerability": "VCID-tc3h-gp3h-euf9" }, { "vulnerability": "VCID-tfyx-ssz9-1qah" }, { "vulnerability": "VCID-trdq-rcjg-s7gy" }, { "vulnerability": "VCID-w7dd-uzf2-d7au" }, { "vulnerability": "VCID-xmh6-rwbu-c3bb" }, { "vulnerability": "VCID-z31q-4wvb-gfhp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@7.0.0" } ], "aliases": [ "CVE-2012-1030" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9bhd-qqr2-1yhy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/100676?format=api", "vulnerability_id": "VCID-as6z-jr8m-6kbm", "summary": "DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.1.0, DNN’s URL/path handling and template rendering can allow specially crafted input to be reflected into a user profile that is returned to the browser. In these cases, the application does not sufficiently neutralize or encode characters that are meaningful in HTML, so an attacker can cause a victim’s browser to interpret attacker-controlled content as part of the page’s HTML. This issue has been patched in version 10.1.0.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-59821", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.1501", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14918", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.15038", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.1504", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-59821" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59821", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59821" }, { "reference_url": "https://github.com/advisories/GHSA-jc4g-c8ww-5738", "reference_id": "GHSA-jc4g-c8ww-5738", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jc4g-c8ww-5738" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-jc4g-c8ww-5738", "reference_id": "GHSA-jc4g-c8ww-5738", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-23T18:29:53Z/" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-jc4g-c8ww-5738" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/376615?format=api", "purl": "pkg:nuget/DotNetNuke.Core@10.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6227-44sm-nkbb" }, { "vulnerability": "VCID-axxm-bb71-33dj" }, { "vulnerability": "VCID-fyxq-vtfm-s3ec" }, { "vulnerability": "VCID-k89y-aedv-uugd" }, { "vulnerability": "VCID-kwns-m3j3-8kb7" }, { "vulnerability": "VCID-q7dx-jb8e-wua4" }, { "vulnerability": "VCID-smd5-xy65-jufc" }, { "vulnerability": "VCID-wau9-knn5-vqbp" }, { "vulnerability": "VCID-z9tg-26ja-c7hw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@10.1.0" } ], "aliases": [ "CVE-2025-59821", "GHSA-jc4g-c8ww-5738" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-as6z-jr8m-6kbm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/84334?format=api", "vulnerability_id": "VCID-axxm-bb71-33dj", "summary": "DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.2.2, a user could upload a specially crafted SVG file that could include scripts that can target both authenticated and unauthenticated DNN users. The impact is increased if the scripts are run by a power user. Version 10.2.2 patches the issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-40321", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.0613", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.06144", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.06153", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.06131", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-40321" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40321", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40321" }, { "reference_url": "https://github.com/advisories/GHSA-ffq7-898w-9jc4", "reference_id": "GHSA-ffq7-898w-9jc4", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-ffq7-898w-9jc4" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-ffq7-898w-9jc4", "reference_id": "GHSA-ffq7-898w-9jc4", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H" }, { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-20T16:00:34Z/" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-ffq7-898w-9jc4" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform/releases/tag/v10.2.2", "reference_id": "v10.2.2", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H" }, { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-20T16:00:34Z/" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform/releases/tag/v10.2.2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373520?format=api", "purl": "pkg:nuget/DotNetNuke.Core@10.2.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@10.2.2" } ], "aliases": [ "CVE-2026-40321", "GHSA-ffq7-898w-9jc4" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-axxm-bb71-33dj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/268807?format=api", "vulnerability_id": "VCID-bmfr-jaur-3kfq", "summary": "", "references": [ { "reference_url": "http://packetstormsecurity.com/files/122792/DotNetNuke-DNN-7.1.0-6.2.8-Cross-Site-Scripting.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://packetstormsecurity.com/files/122792/DotNetNuke-DNN-7.1.0-6.2.8-Cross-Site-Scripting.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4649", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00269", "scoring_system": "epss", "scoring_elements": "0.50825", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00269", "scoring_system": "epss", "scoring_elements": "0.50821", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00269", "scoring_system": "epss", "scoring_elements": "0.50837", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00269", "scoring_system": "epss", "scoring_elements": "0.50688", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4649" }, { "reference_url": "http://secunia.com/advisories/53493", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://secunia.com/advisories/53493" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86432", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86432" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4649", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4649" }, { "reference_url": "http://www.dnnsoftware.com/platform/manage/security-center", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.dnnsoftware.com/platform/manage/security-center" }, { "reference_url": "https://github.com/advisories/GHSA-rvrj-j7cc-236p", "reference_id": "GHSA-rvrj-j7cc-236p", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rvrj-j7cc-236p" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/384695?format=api", "purl": "pkg:nuget/DotNetNuke.Core@6.2.9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@6.2.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/384696?format=api", "purl": "pkg:nuget/DotNetNuke.Core@7.1.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@7.1.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/388108?format=api", "purl": "pkg:nuget/DotNetNuke.Core@7.2.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@7.2.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/400849?format=api", "purl": "pkg:nuget/DotNetNuke.Core@9.13.0-ci0000", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2d1y-21mg-9kdx" }, { "vulnerability": "VCID-4wd1-t7cm-9yd2" }, { "vulnerability": "VCID-6227-44sm-nkbb" }, { "vulnerability": "VCID-as6z-jr8m-6kbm" }, { "vulnerability": "VCID-axxm-bb71-33dj" }, { "vulnerability": "VCID-c87b-2p6c-xqh8" }, { "vulnerability": "VCID-epah-7729-rqba" }, { "vulnerability": "VCID-f55k-m678-vbfr" }, { "vulnerability": "VCID-fyxq-vtfm-s3ec" }, { "vulnerability": "VCID-k89y-aedv-uugd" }, { "vulnerability": "VCID-kwns-m3j3-8kb7" }, { "vulnerability": "VCID-q3he-ta5n-hkec" }, { "vulnerability": "VCID-q7dx-jb8e-wua4" }, { "vulnerability": "VCID-smd5-xy65-jufc" }, { "vulnerability": "VCID-trdq-rcjg-s7gy" }, { "vulnerability": "VCID-wau9-knn5-vqbp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.13.0-ci0000" } ], "aliases": [ "CVE-2013-4649", "GHSA-rvrj-j7cc-236p" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bmfr-jaur-3kfq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/100961?format=api", "vulnerability_id": "VCID-c87b-2p6c-xqh8", "summary": "DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.1.0, when embedding information in the Biography field, even if that field is not rich-text, users could inject javascript code that would run in the context of the website and to any other user that can view the profile including administrators and/or superusers. This issue has been patched in version 10.1.0.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-59539", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.13003", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12992", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12908", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.13013", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-59539" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59539", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59539" }, { "reference_url": "https://github.com/advisories/GHSA-7rcc-q6rq-jpcm", "reference_id": "GHSA-7rcc-q6rq-jpcm", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7rcc-q6rq-jpcm" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-7rcc-q6rq-jpcm", "reference_id": "GHSA-7rcc-q6rq-jpcm", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-23T18:30:23Z/" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-7rcc-q6rq-jpcm" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/376615?format=api", "purl": "pkg:nuget/DotNetNuke.Core@10.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6227-44sm-nkbb" }, { "vulnerability": "VCID-axxm-bb71-33dj" }, { "vulnerability": "VCID-fyxq-vtfm-s3ec" }, { "vulnerability": "VCID-k89y-aedv-uugd" }, { "vulnerability": "VCID-kwns-m3j3-8kb7" }, { "vulnerability": "VCID-q7dx-jb8e-wua4" }, { "vulnerability": "VCID-smd5-xy65-jufc" }, { "vulnerability": "VCID-wau9-knn5-vqbp" }, { "vulnerability": "VCID-z9tg-26ja-c7hw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@10.1.0" } ], "aliases": [ "CVE-2025-59539", "GHSA-7rcc-q6rq-jpcm" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c87b-2p6c-xqh8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101057?format=api", "vulnerability_id": "VCID-epah-7729-rqba", "summary": "DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.1.0, the Prompt module allows execution of commands that can return raw HTML. Malicious input, even if sanitized for display elsewhere, can be executed when processed through certain commands, leading to potential script execution (XSS). This issue has been patched in version 10.1.0.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-59545", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.27077", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.2706", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.2686", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.27062", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-59545" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59545", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59545" }, { "reference_url": "https://github.com/advisories/GHSA-2qxc-mf4x-wr29", "reference_id": "GHSA-2qxc-mf4x-wr29", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-2qxc-mf4x-wr29" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-2qxc-mf4x-wr29", "reference_id": "GHSA-2qxc-mf4x-wr29", "reference_type": "", "scores": [ { "value": "9.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H" }, { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-23T18:30:12Z/" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-2qxc-mf4x-wr29" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/376615?format=api", "purl": "pkg:nuget/DotNetNuke.Core@10.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6227-44sm-nkbb" }, { "vulnerability": "VCID-axxm-bb71-33dj" }, { "vulnerability": "VCID-fyxq-vtfm-s3ec" }, { "vulnerability": "VCID-k89y-aedv-uugd" }, { "vulnerability": "VCID-kwns-m3j3-8kb7" }, { "vulnerability": "VCID-q7dx-jb8e-wua4" }, { "vulnerability": "VCID-smd5-xy65-jufc" }, { "vulnerability": "VCID-wau9-knn5-vqbp" }, { "vulnerability": "VCID-z9tg-26ja-c7hw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@10.1.0" } ], "aliases": [ "CVE-2025-59545", "GHSA-2qxc-mf4x-wr29" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-epah-7729-rqba" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/118496?format=api", "vulnerability_id": "VCID-f55k-m678-vbfr", "summary": "DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 9.13.9, a specially crafted URL may be constructed which can inject an XSS payload that is triggered by using some module actions. Version 9.13.9 fixes the issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-48377", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00141", "scoring_system": "epss", "scoring_elements": "0.34178", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00141", "scoring_system": "epss", "scoring_elements": "0.34174", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00141", "scoring_system": "epss", "scoring_elements": "0.34198", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00141", "scoring_system": "epss", "scoring_elements": "0.33998", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-48377" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48377", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48377" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform/commit/351b166492ad4b6509c273dc83211d52238e31a7", "reference_id": "351b166492ad4b6509c273dc83211d52238e31a7", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N" }, { "value": "6.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-23T15:51:04Z/" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform/commit/351b166492ad4b6509c273dc83211d52238e31a7" }, { "reference_url": "https://github.com/advisories/GHSA-79m3-rvx2-3qq9", "reference_id": "GHSA-79m3-rvx2-3qq9", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-79m3-rvx2-3qq9" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-79m3-rvx2-3qq9", "reference_id": "GHSA-79m3-rvx2-3qq9", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N" }, { "value": "6.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-23T15:51:04Z/" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-79m3-rvx2-3qq9" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/38328?format=api", "purl": "pkg:nuget/DotNetNuke.Core@9.13.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2d1y-21mg-9kdx" }, { "vulnerability": "VCID-6227-44sm-nkbb" }, { "vulnerability": "VCID-as6z-jr8m-6kbm" }, { "vulnerability": "VCID-axxm-bb71-33dj" }, { "vulnerability": "VCID-c87b-2p6c-xqh8" }, { "vulnerability": "VCID-epah-7729-rqba" }, { "vulnerability": "VCID-fyxq-vtfm-s3ec" }, { "vulnerability": "VCID-k89y-aedv-uugd" }, { "vulnerability": "VCID-kwns-m3j3-8kb7" }, { "vulnerability": "VCID-q7dx-jb8e-wua4" }, { "vulnerability": "VCID-smd5-xy65-jufc" }, { "vulnerability": "VCID-trdq-rcjg-s7gy" }, { "vulnerability": "VCID-wau9-knn5-vqbp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.13.9" } ], "aliases": [ "CVE-2025-48377", "GHSA-79m3-rvx2-3qq9" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-f55k-m678-vbfr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/82686?format=api", "vulnerability_id": "VCID-fyxq-vtfm-s3ec", "summary": "DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to versions 9.13.10 and 10.2.0, module title supports richtext which could include scripts that would execute in certain scenarios. Versions 9.13.10 and 10.2.0 contain a fix for the issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-24838", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17479", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17633", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17659", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17641", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-24838" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform/commit/4a4bcbcdf3cedbf702816f8168c4d51bf688f7f6", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform/commit/4a4bcbcdf3cedbf702816f8168c4d51bf688f7f6" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform/releases/tag/v10.2.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform/releases/tag/v10.2.0" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24838", "reference_id": "CVE-2026-24838", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24838" }, { "reference_url": "https://github.com/advisories/GHSA-w9pf-h6m6-v89h", "reference_id": "GHSA-w9pf-h6m6-v89h", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-w9pf-h6m6-v89h" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-w9pf-h6m6-v89h", "reference_id": "GHSA-w9pf-h6m6-v89h", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-28T15:03:11Z/" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-w9pf-h6m6-v89h" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/38322?format=api", "purl": "pkg:nuget/DotNetNuke.Core@9.13.10", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.13.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/38325?format=api", "purl": "pkg:nuget/DotNetNuke.Core@10.2.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-axxm-bb71-33dj" }, { "vulnerability": "VCID-kwns-m3j3-8kb7" }, { "vulnerability": "VCID-q7dx-jb8e-wua4" }, { "vulnerability": "VCID-z9tg-26ja-c7hw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@10.2.0" } ], "aliases": [ "CVE-2026-24838", "GHSA-w9pf-h6m6-v89h" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fyxq-vtfm-s3ec" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/174477?format=api", "vulnerability_id": "VCID-gkac-w1q4-wfgw", "summary": "Relative Path Traversal in GitHub repository dnnsoftware/dnn.platform prior to 9.11.0.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-2922", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00453", "scoring_system": "epss", "scoring_elements": "0.64193", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00453", "scoring_system": "epss", "scoring_elements": "0.64306", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00453", "scoring_system": "epss", "scoring_elements": "0.6431", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00453", "scoring_system": "epss", "scoring_elements": "0.64296", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-2922" }, { "reference_url": "https://github.com/dnnsoftware/dnn.platform", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dnnsoftware/dnn.platform" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform/commit/3697c5344cef8d49214230f0cc2efcd9e93a00a8", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform/commit/3697c5344cef8d49214230f0cc2efcd9e93a00a8" }, { "reference_url": "https://huntr.dev/bounties/74918f40-dc11-4218-abef-064eb71a0703", "reference_id": "74918f40-dc11-4218-abef-064eb71a0703", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-20T16:03:27Z/" } ], "url": "https://huntr.dev/bounties/74918f40-dc11-4218-abef-064eb71a0703" }, { "reference_url": "https://github.com/dnnsoftware/dnn.platform/commit/9b17351592fbde376506ba6705dbcc7a74a2a195", "reference_id": "9b17351592fbde376506ba6705dbcc7a74a2a195", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-20T16:03:27Z/" } ], "url": "https://github.com/dnnsoftware/dnn.platform/commit/9b17351592fbde376506ba6705dbcc7a74a2a195" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2922", "reference_id": "CVE-2022-2922", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2922" }, { "reference_url": "https://github.com/advisories/GHSA-9w72-2f23-57gm", "reference_id": "GHSA-9w72-2f23-57gm", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9w72-2f23-57gm" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/27208?format=api", "purl": "pkg:nuget/DotNetNuke.Core@9.11.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2d1y-21mg-9kdx" }, { "vulnerability": "VCID-4wd1-t7cm-9yd2" }, { "vulnerability": "VCID-6227-44sm-nkbb" }, { "vulnerability": "VCID-as6z-jr8m-6kbm" }, { "vulnerability": "VCID-axxm-bb71-33dj" }, { "vulnerability": "VCID-c87b-2p6c-xqh8" }, { "vulnerability": "VCID-epah-7729-rqba" }, { "vulnerability": "VCID-f55k-m678-vbfr" }, { "vulnerability": "VCID-fyxq-vtfm-s3ec" }, { "vulnerability": "VCID-k89y-aedv-uugd" }, { "vulnerability": "VCID-kwns-m3j3-8kb7" }, { "vulnerability": "VCID-q3he-ta5n-hkec" }, { "vulnerability": "VCID-q7dx-jb8e-wua4" }, { "vulnerability": "VCID-smd5-xy65-jufc" }, { "vulnerability": "VCID-trdq-rcjg-s7gy" }, { "vulnerability": "VCID-wau9-knn5-vqbp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.11.0" } ], "aliases": [ "CVE-2022-2922", "GHSA-9w72-2f23-57gm" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gkac-w1q4-wfgw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/329523?format=api", "vulnerability_id": "VCID-hdzp-q5cp-uuf5", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-5186", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00353", "scoring_system": "epss", "scoring_elements": "0.58056", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00353", "scoring_system": "epss", "scoring_elements": "0.58169", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00353", "scoring_system": "epss", "scoring_elements": "0.58186", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00353", "scoring_system": "epss", "scoring_elements": "0.58174", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-5186" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-5186", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-5186" }, { "reference_url": "https://packetstormsecurity.com/files/156483/DotNetNuke-CMS-9.5.0-Cross-Site-Scripting.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://packetstormsecurity.com/files/156483/DotNetNuke-CMS-9.5.0-Cross-Site-Scripting.html" }, { "reference_url": "https://github.com/advisories/GHSA-9phr-h5mx-4fp6", "reference_id": "GHSA-9phr-h5mx-4fp6", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9phr-h5mx-4fp6" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/385270?format=api", "purl": "pkg:nuget/DotNetNuke.Core@9.5.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2d1y-21mg-9kdx" }, { "vulnerability": "VCID-4wd1-t7cm-9yd2" }, { "vulnerability": "VCID-6227-44sm-nkbb" }, { "vulnerability": "VCID-76dr-n4fx-nud6" }, { "vulnerability": "VCID-as6z-jr8m-6kbm" }, { "vulnerability": "VCID-axxm-bb71-33dj" }, { "vulnerability": "VCID-c87b-2p6c-xqh8" }, { "vulnerability": "VCID-eaz6-q3m7-4bep" }, { "vulnerability": "VCID-epah-7729-rqba" }, { "vulnerability": "VCID-f55k-m678-vbfr" }, { "vulnerability": "VCID-fyxq-vtfm-s3ec" }, { "vulnerability": "VCID-gkac-w1q4-wfgw" }, { "vulnerability": "VCID-k89y-aedv-uugd" }, { "vulnerability": "VCID-kwns-m3j3-8kb7" }, { "vulnerability": "VCID-q3he-ta5n-hkec" }, { "vulnerability": "VCID-q7dx-jb8e-wua4" }, { "vulnerability": "VCID-qcc1-r81m-7ud6" }, { "vulnerability": "VCID-smd5-xy65-jufc" }, { "vulnerability": "VCID-tfyx-ssz9-1qah" }, { "vulnerability": "VCID-trdq-rcjg-s7gy" }, { "vulnerability": "VCID-wau9-knn5-vqbp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.5.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/400849?format=api", "purl": "pkg:nuget/DotNetNuke.Core@9.13.0-ci0000", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2d1y-21mg-9kdx" }, { "vulnerability": "VCID-4wd1-t7cm-9yd2" }, { "vulnerability": "VCID-6227-44sm-nkbb" }, { "vulnerability": "VCID-as6z-jr8m-6kbm" }, { "vulnerability": "VCID-axxm-bb71-33dj" }, { "vulnerability": "VCID-c87b-2p6c-xqh8" }, { "vulnerability": "VCID-epah-7729-rqba" }, { "vulnerability": "VCID-f55k-m678-vbfr" }, { "vulnerability": "VCID-fyxq-vtfm-s3ec" }, { "vulnerability": "VCID-k89y-aedv-uugd" }, { "vulnerability": "VCID-kwns-m3j3-8kb7" }, { "vulnerability": "VCID-q3he-ta5n-hkec" }, { "vulnerability": "VCID-q7dx-jb8e-wua4" }, { "vulnerability": "VCID-smd5-xy65-jufc" }, { "vulnerability": "VCID-trdq-rcjg-s7gy" }, { "vulnerability": "VCID-wau9-knn5-vqbp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.13.0-ci0000" } ], "aliases": [ "CVE-2020-5186", "GHSA-9phr-h5mx-4fp6" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hdzp-q5cp-uuf5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/201687?format=api", "vulnerability_id": "VCID-j6vd-2rnp-n7e5", "summary": "Cross-site scripting (XSS) vulnerability in the user-profile biography section in DotNetNuke (DNN)", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-7119", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00227", "scoring_system": "epss", "scoring_elements": "0.4573", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00227", "scoring_system": "epss", "scoring_elements": "0.45583", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00227", "scoring_system": "epss", "scoring_elements": "0.45725", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00227", "scoring_system": "epss", "scoring_elements": "0.45739", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-7119" }, { "reference_url": "http://www.securityfocus.com/bid/92719", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/92719" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-7119", "reference_id": "CVE-2016-7119", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-7119" }, { "reference_url": "https://github.com/advisories/GHSA-5c66-x4wm-rjfx", "reference_id": "GHSA-5c66-x4wm-rjfx", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5c66-x4wm-rjfx" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/13807?format=api", "purl": "pkg:nuget/DotNetNuke.Core@8.0.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@8.0.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/409116?format=api", "purl": "pkg:nuget/DotNetNuke.Core@8.0.1.239", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2d1y-21mg-9kdx" }, { "vulnerability": "VCID-4wd1-t7cm-9yd2" }, { "vulnerability": "VCID-76dr-n4fx-nud6" }, { "vulnerability": "VCID-8vft-tfmv-5qfr" }, { "vulnerability": "VCID-as6z-jr8m-6kbm" }, { "vulnerability": "VCID-axxm-bb71-33dj" }, { "vulnerability": "VCID-c87b-2p6c-xqh8" }, { "vulnerability": "VCID-eaz6-q3m7-4bep" }, { "vulnerability": "VCID-epah-7729-rqba" }, { "vulnerability": "VCID-f55k-m678-vbfr" }, { "vulnerability": "VCID-fyxq-vtfm-s3ec" }, { "vulnerability": "VCID-gkac-w1q4-wfgw" }, { "vulnerability": "VCID-hdzp-q5cp-uuf5" }, { "vulnerability": "VCID-kwns-m3j3-8kb7" }, { "vulnerability": "VCID-q3he-ta5n-hkec" }, { "vulnerability": "VCID-q3w4-ejd5-pqfz" }, { "vulnerability": "VCID-q7dx-jb8e-wua4" }, { "vulnerability": "VCID-smd5-xy65-jufc" }, { "vulnerability": "VCID-tc3h-gp3h-euf9" }, { "vulnerability": "VCID-tfyx-ssz9-1qah" }, { "vulnerability": "VCID-trdq-rcjg-s7gy" }, { "vulnerability": "VCID-w7dd-uzf2-d7au" }, { "vulnerability": "VCID-xmh6-rwbu-c3bb" }, { "vulnerability": "VCID-z31q-4wvb-gfhp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@8.0.1.239" } ], "aliases": [ "CVE-2016-7119", "GHSA-5c66-x4wm-rjfx" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j6vd-2rnp-n7e5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/201685?format=api", "vulnerability_id": "VCID-jcyr-1pnk-e3er", "summary": "Moderate severity vulnerability that affects DotNetNuke.Core", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-1566", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00253", "scoring_system": "epss", "scoring_elements": "0.49083", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00253", "scoring_system": "epss", "scoring_elements": "0.48947", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00253", "scoring_system": "epss", "scoring_elements": "0.49088", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00253", "scoring_system": "epss", "scoring_elements": "0.49101", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-1566" }, { "reference_url": "http://secunia.com/advisories/62832", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://secunia.com/advisories/62832" }, { "reference_url": "http://www.dnnsoftware.com/platform/manage/security-center", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.dnnsoftware.com/platform/manage/security-center" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1566", "reference_id": "CVE-2015-1566", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1566" }, { "reference_url": "https://github.com/advisories/GHSA-v76m-f5cx-8rg4", "reference_id": "GHSA-v76m-f5cx-8rg4", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-v76m-f5cx-8rg4" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/13805?format=api", "purl": "pkg:nuget/DotNetNuke.Core@7.4.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5eqv-4vr8-9ug1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@7.4.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/388334?format=api", "purl": "pkg:nuget/DotNetNuke.Core@7.4.0.353", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2d1y-21mg-9kdx" }, { "vulnerability": "VCID-4wd1-t7cm-9yd2" }, { "vulnerability": "VCID-76dr-n4fx-nud6" }, { "vulnerability": "VCID-8vft-tfmv-5qfr" }, { "vulnerability": "VCID-as6z-jr8m-6kbm" }, { "vulnerability": "VCID-axxm-bb71-33dj" }, { "vulnerability": "VCID-c87b-2p6c-xqh8" }, { "vulnerability": "VCID-eaz6-q3m7-4bep" }, { "vulnerability": "VCID-epah-7729-rqba" }, { "vulnerability": "VCID-f55k-m678-vbfr" }, { "vulnerability": "VCID-fyxq-vtfm-s3ec" }, { "vulnerability": "VCID-gkac-w1q4-wfgw" }, { "vulnerability": "VCID-hdzp-q5cp-uuf5" }, { "vulnerability": "VCID-j6vd-2rnp-n7e5" }, { "vulnerability": "VCID-kwns-m3j3-8kb7" }, { "vulnerability": "VCID-q3he-ta5n-hkec" }, { "vulnerability": "VCID-q3w4-ejd5-pqfz" }, { "vulnerability": "VCID-q7dx-jb8e-wua4" }, { "vulnerability": "VCID-smd5-xy65-jufc" }, { "vulnerability": "VCID-tc3h-gp3h-euf9" }, { "vulnerability": "VCID-tfyx-ssz9-1qah" }, { "vulnerability": "VCID-trdq-rcjg-s7gy" }, { "vulnerability": "VCID-w7dd-uzf2-d7au" }, { "vulnerability": "VCID-xmh6-rwbu-c3bb" }, { "vulnerability": "VCID-z31q-4wvb-gfhp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@7.4.0.353" } ], "aliases": [ "CVE-2015-1566", "GHSA-v76m-f5cx-8rg4" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jcyr-1pnk-e3er" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/84164?format=api", "vulnerability_id": "VCID-kwns-m3j3-8kb7", "summary": "DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Starting in version 6.0.0 and prior to version 10.2.2, in the friends feature, a user could craft a request that would force the acceptance of a friend request on another user. Version 10.2.2 patches the issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-40305", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.10571", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.10546", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.1057", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.10514", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-40305" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40305", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40305" }, { "reference_url": "https://github.com/advisories/GHSA-fpj4-9qhx-5m6m", "reference_id": "GHSA-fpj4-9qhx-5m6m", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-fpj4-9qhx-5m6m" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-fpj4-9qhx-5m6m", "reference_id": "GHSA-fpj4-9qhx-5m6m", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-20T13:22:45Z/" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-fpj4-9qhx-5m6m" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform/releases/tag/v10.2.2", "reference_id": "v10.2.2", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-20T13:22:45Z/" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform/releases/tag/v10.2.2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373520?format=api", "purl": "pkg:nuget/DotNetNuke.Core@10.2.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@10.2.2" } ], "aliases": [ "CVE-2026-40305", "GHSA-fpj4-9qhx-5m6m" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kwns-m3j3-8kb7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/114577?format=api", "vulnerability_id": "VCID-q3he-ta5n-hkec", "summary": "DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. A bypass has been identified for the previously known vulnerability CVE-2017-0929, allowing unauthenticated attackers to execute arbitrary GET requests against target systems, including internal or adjacent networks. This vulnerability facilitates a semi-blind SSRF attack, allowing attackers to make the target server send requests to internal or external URLs without viewing the full responses. Potential impacts include internal network reconnaissance, bypassing firewalls. This vulnerability is fixed in 9.13.8.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-32372", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00102", "scoring_system": "epss", "scoring_elements": "0.27829", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00102", "scoring_system": "epss", "scoring_elements": "0.27814", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00102", "scoring_system": "epss", "scoring_elements": "0.27839", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00102", "scoring_system": "epss", "scoring_elements": "0.27612", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-32372" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32372", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32372" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform/commit/4721dd9eef846936d3b1a3676499e46968d15feb", "reference_id": "4721dd9eef846936d3b1a3676499e46968d15feb", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-09T15:39:52Z/" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform/commit/4721dd9eef846936d3b1a3676499e46968d15feb" }, { "reference_url": "https://github.com/advisories/GHSA-3f7v-qx94-666m", "reference_id": "GHSA-3f7v-qx94-666m", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-3f7v-qx94-666m" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-3f7v-qx94-666m", "reference_id": "GHSA-3f7v-qx94-666m", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-09T15:39:52Z/" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-3f7v-qx94-666m" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/376256?format=api", "purl": "pkg:nuget/DotNetNuke.Core@9.13.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2d1y-21mg-9kdx" }, { "vulnerability": "VCID-4wd1-t7cm-9yd2" }, { "vulnerability": "VCID-6227-44sm-nkbb" }, { "vulnerability": "VCID-as6z-jr8m-6kbm" }, { "vulnerability": "VCID-axxm-bb71-33dj" }, { "vulnerability": "VCID-c87b-2p6c-xqh8" }, { "vulnerability": "VCID-epah-7729-rqba" }, { "vulnerability": "VCID-f55k-m678-vbfr" }, { "vulnerability": "VCID-fyxq-vtfm-s3ec" }, { "vulnerability": "VCID-k89y-aedv-uugd" }, { "vulnerability": "VCID-kwns-m3j3-8kb7" }, { "vulnerability": "VCID-q7dx-jb8e-wua4" }, { "vulnerability": "VCID-smd5-xy65-jufc" }, { "vulnerability": "VCID-trdq-rcjg-s7gy" }, { "vulnerability": "VCID-wau9-knn5-vqbp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.13.8" } ], "aliases": [ "CVE-2025-32372", "GHSA-3f7v-qx94-666m" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q3he-ta5n-hkec" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/86185?format=api", "vulnerability_id": "VCID-q3w4-ejd5-pqfz", "summary": "DNN (aka DotNetNuke) before 9.1.1 has Remote Code Execution via a cookie, aka \"2017-08 (Critical) Possible remote code execution on DNN sites.\"", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-9822", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.94293", "scoring_system": "epss", "scoring_elements": "0.99946", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-9822" }, { "reference_url": "http://www.securityfocus.com/bid/102213", "reference_id": "102213", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:41:35Z/" } ], "url": "http://www.securityfocus.com/bid/102213" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9822", "reference_id": "CVE-2017-9822", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9822" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/48336.rb", "reference_id": "CVE-2018-18326;CVE-2018-18325;CVE-2018-15812;CVE-2018-15811;CVE-2017-9822", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/48336.rb" }, { "reference_url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/http/dnn_cookie_deserialization_rce.rb", "reference_id": "CVE-2018-18326;CVE-2018-18325;CVE-2018-15812;CVE-2018-15811;CVE-2017-9822", "reference_type": "exploit", "scores": [], "url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/http/dnn_cookie_deserialization_rce.rb" }, { "reference_url": "http://packetstormsecurity.com/files/157080/DotNetNuke-Cookie-Deserialization-Remote-Code-Execution.html", "reference_id": "DotNetNuke-Cookie-Deserialization-Remote-Code-Execution.html", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:41:35Z/" } ], "url": "http://packetstormsecurity.com/files/157080/DotNetNuke-Cookie-Deserialization-Remote-Code-Execution.html" }, { "reference_url": "https://github.com/advisories/GHSA-x2rg-fmcv-crq5", "reference_id": "GHSA-x2rg-fmcv-crq5", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-x2rg-fmcv-crq5" }, { "reference_url": "http://www.dnnsoftware.com/community/security/security-center", "reference_id": "security-center", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:41:35Z/" } ], "url": "http://www.dnnsoftware.com/community/security/security-center" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/13808?format=api", "purl": "pkg:nuget/DotNetNuke.Core@9.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-q9z1-ty6z-6uau" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.1.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/415810?format=api", "purl": "pkg:nuget/DotNetNuke.Core@9.1.1.129", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2d1y-21mg-9kdx" }, { "vulnerability": "VCID-4wd1-t7cm-9yd2" }, { "vulnerability": "VCID-6227-44sm-nkbb" }, { "vulnerability": "VCID-76dr-n4fx-nud6" }, { "vulnerability": "VCID-8vft-tfmv-5qfr" }, { "vulnerability": "VCID-as6z-jr8m-6kbm" }, { "vulnerability": "VCID-axxm-bb71-33dj" }, { "vulnerability": "VCID-c87b-2p6c-xqh8" }, { "vulnerability": "VCID-eaz6-q3m7-4bep" }, { "vulnerability": "VCID-epah-7729-rqba" }, { "vulnerability": "VCID-f55k-m678-vbfr" }, { "vulnerability": "VCID-fyxq-vtfm-s3ec" }, { "vulnerability": "VCID-gkac-w1q4-wfgw" }, { "vulnerability": "VCID-hdzp-q5cp-uuf5" }, { "vulnerability": "VCID-k89y-aedv-uugd" }, { "vulnerability": "VCID-kwns-m3j3-8kb7" }, { "vulnerability": "VCID-q3he-ta5n-hkec" }, { "vulnerability": "VCID-q7dx-jb8e-wua4" }, { "vulnerability": "VCID-smd5-xy65-jufc" }, { "vulnerability": "VCID-tc3h-gp3h-euf9" }, { "vulnerability": "VCID-tfyx-ssz9-1qah" }, { "vulnerability": "VCID-trdq-rcjg-s7gy" }, { "vulnerability": "VCID-w7dd-uzf2-d7au" }, { "vulnerability": "VCID-wau9-knn5-vqbp" }, { "vulnerability": "VCID-xmh6-rwbu-c3bb" }, { "vulnerability": "VCID-z31q-4wvb-gfhp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.1.1.129" } ], "aliases": [ "CVE-2017-9822", "GHSA-x2rg-fmcv-crq5" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q3w4-ejd5-pqfz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/359949?format=api", "vulnerability_id": "VCID-q7dx-jb8e-wua4", "summary": "DotNetNuke.Core security code analysis rules triggered\nThe codebase raises code analysis warnings related to security, including CA3075, CA5366, CA5371, CA5368, CA5369, CA5372, CA5379, CA5350, and CA5351.\n\nMost of these deal with disabling DTD processing in XML documents, but also includes cryptographic algorithm choices.", "references": [ { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-fcpv-w245-r2q7", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-fcpv-w245-r2q7" }, { "reference_url": "https://github.com/advisories/GHSA-fcpv-w245-r2q7", "reference_id": "GHSA-fcpv-w245-r2q7", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-fcpv-w245-r2q7" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373520?format=api", "purl": "pkg:nuget/DotNetNuke.Core@10.2.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@10.2.2" } ], "aliases": [ "GHSA-fcpv-w245-r2q7" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q7dx-jb8e-wua4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/268496?format=api", "vulnerability_id": "VCID-qk9a-b246-tfeh", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-3943", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.43383", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.4354", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.43559", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.4355", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-3943" }, { "reference_url": "http://secunia.com/advisories/53493", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/53493" }, { "reference_url": "http://www.dnnsoftware.com/platform/manage/security-center", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.dnnsoftware.com/platform/manage/security-center" }, { "reference_url": "http://www.securityfocus.com/bid/61809", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/61809" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3943", "reference_id": "CVE-2013-3943", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3943" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/388108?format=api", "purl": "pkg:nuget/DotNetNuke.Core@7.2.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@7.2.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/400849?format=api", "purl": "pkg:nuget/DotNetNuke.Core@9.13.0-ci0000", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2d1y-21mg-9kdx" }, { "vulnerability": "VCID-4wd1-t7cm-9yd2" }, { "vulnerability": "VCID-6227-44sm-nkbb" }, { "vulnerability": "VCID-as6z-jr8m-6kbm" }, { "vulnerability": "VCID-axxm-bb71-33dj" }, { "vulnerability": "VCID-c87b-2p6c-xqh8" }, { "vulnerability": "VCID-epah-7729-rqba" }, { "vulnerability": "VCID-f55k-m678-vbfr" }, { "vulnerability": "VCID-fyxq-vtfm-s3ec" }, { "vulnerability": "VCID-k89y-aedv-uugd" }, { "vulnerability": "VCID-kwns-m3j3-8kb7" }, { "vulnerability": "VCID-q3he-ta5n-hkec" }, { "vulnerability": "VCID-q7dx-jb8e-wua4" }, { "vulnerability": "VCID-smd5-xy65-jufc" }, { "vulnerability": "VCID-trdq-rcjg-s7gy" }, { "vulnerability": "VCID-wau9-knn5-vqbp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.13.0-ci0000" } ], "aliases": [ "CVE-2013-3943" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qk9a-b246-tfeh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/90930?format=api", "vulnerability_id": "VCID-smd5-xy65-jufc", "summary": "DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to 10.1.1, sanitization of the content of uploaded SVG files was not covering all possible XSS scenarios. This vulnerability exists because of an incomplete fix for CVE-2025-48378. This vulnerability is fixed in 10.1.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-64094", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.07536", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.07556", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.07566", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.07571", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-64094" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64094", "reference_id": "CVE-2025-64094", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64094" }, { "reference_url": "https://github.com/advisories/GHSA-hmvq-8p83-cq52", "reference_id": "GHSA-hmvq-8p83-cq52", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-hmvq-8p83-cq52" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-hmvq-8p83-cq52", "reference_id": "GHSA-hmvq-8p83-cq52", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-29T14:51:54Z/" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-hmvq-8p83-cq52" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/34899?format=api", "purl": "pkg:nuget/DotNetNuke.Core@10.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6227-44sm-nkbb" }, { "vulnerability": "VCID-axxm-bb71-33dj" }, { "vulnerability": "VCID-fyxq-vtfm-s3ec" }, { "vulnerability": "VCID-k89y-aedv-uugd" }, { "vulnerability": "VCID-kwns-m3j3-8kb7" }, { "vulnerability": "VCID-q7dx-jb8e-wua4" }, { "vulnerability": "VCID-wau9-knn5-vqbp" }, { "vulnerability": "VCID-z9tg-26ja-c7hw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@10.1.1" } ], "aliases": [ "CVE-2025-64094", "GHSA-hmvq-8p83-cq52" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-smd5-xy65-jufc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/329525?format=api", "vulnerability_id": "VCID-tc3h-gp3h-euf9", "summary": "", "references": [ { "reference_url": "http://packetstormsecurity.com/files/156484/DotNetNuke-CMS-9.5.0-File-Extension-Check-Bypass.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://packetstormsecurity.com/files/156484/DotNetNuke-CMS-9.5.0-File-Extension-Check-Bypass.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-5188", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.48981", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.49117", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.49135", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.49125", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-5188" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-5188", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-5188" }, { "reference_url": "https://github.com/advisories/GHSA-vjcm-j85r-7p68", "reference_id": "GHSA-vjcm-j85r-7p68", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-vjcm-j85r-7p68" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/385270?format=api", "purl": "pkg:nuget/DotNetNuke.Core@9.5.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2d1y-21mg-9kdx" }, { "vulnerability": "VCID-4wd1-t7cm-9yd2" }, { "vulnerability": "VCID-6227-44sm-nkbb" }, { "vulnerability": "VCID-76dr-n4fx-nud6" }, { "vulnerability": "VCID-as6z-jr8m-6kbm" }, { "vulnerability": "VCID-axxm-bb71-33dj" }, { "vulnerability": "VCID-c87b-2p6c-xqh8" }, { "vulnerability": "VCID-eaz6-q3m7-4bep" }, { "vulnerability": "VCID-epah-7729-rqba" }, { "vulnerability": "VCID-f55k-m678-vbfr" }, { "vulnerability": "VCID-fyxq-vtfm-s3ec" }, { "vulnerability": "VCID-gkac-w1q4-wfgw" }, { "vulnerability": "VCID-k89y-aedv-uugd" }, { "vulnerability": "VCID-kwns-m3j3-8kb7" }, { "vulnerability": "VCID-q3he-ta5n-hkec" }, { "vulnerability": "VCID-q7dx-jb8e-wua4" }, { "vulnerability": "VCID-qcc1-r81m-7ud6" }, { "vulnerability": "VCID-smd5-xy65-jufc" }, { "vulnerability": "VCID-tfyx-ssz9-1qah" }, { "vulnerability": "VCID-trdq-rcjg-s7gy" }, { "vulnerability": "VCID-wau9-knn5-vqbp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.5.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/400849?format=api", "purl": "pkg:nuget/DotNetNuke.Core@9.13.0-ci0000", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2d1y-21mg-9kdx" }, { "vulnerability": "VCID-4wd1-t7cm-9yd2" }, { "vulnerability": "VCID-6227-44sm-nkbb" }, { "vulnerability": "VCID-as6z-jr8m-6kbm" }, { "vulnerability": "VCID-axxm-bb71-33dj" }, { "vulnerability": "VCID-c87b-2p6c-xqh8" }, { "vulnerability": "VCID-epah-7729-rqba" }, { "vulnerability": "VCID-f55k-m678-vbfr" }, { "vulnerability": "VCID-fyxq-vtfm-s3ec" }, { "vulnerability": "VCID-k89y-aedv-uugd" }, { "vulnerability": "VCID-kwns-m3j3-8kb7" }, { "vulnerability": "VCID-q3he-ta5n-hkec" }, { "vulnerability": "VCID-q7dx-jb8e-wua4" }, { "vulnerability": "VCID-smd5-xy65-jufc" }, { "vulnerability": "VCID-trdq-rcjg-s7gy" }, { "vulnerability": "VCID-wau9-knn5-vqbp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.13.0-ci0000" } ], "aliases": [ "CVE-2020-5188", "GHSA-vjcm-j85r-7p68" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tc3h-gp3h-euf9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/339688?format=api", "vulnerability_id": "VCID-tfyx-ssz9-1qah", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-31858", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00234", "scoring_system": "epss", "scoring_elements": "0.46512", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00234", "scoring_system": "epss", "scoring_elements": "0.46657", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00234", "scoring_system": "epss", "scoring_elements": "0.46667", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00234", "scoring_system": "epss", "scoring_elements": "0.46653", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-31858" }, { "reference_url": "https://labs.integrity.pt/advisories/cve-2021-31858/", "reference_id": "CVE-2021-31858", "reference_type": "", "scores": [], "url": "https://labs.integrity.pt/advisories/cve-2021-31858/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-31858", "reference_id": "CVE-2021-31858", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-31858" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/400849?format=api", "purl": "pkg:nuget/DotNetNuke.Core@9.13.0-ci0000", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2d1y-21mg-9kdx" }, { "vulnerability": "VCID-4wd1-t7cm-9yd2" }, { "vulnerability": "VCID-6227-44sm-nkbb" }, { "vulnerability": "VCID-as6z-jr8m-6kbm" }, { "vulnerability": "VCID-axxm-bb71-33dj" }, { "vulnerability": "VCID-c87b-2p6c-xqh8" }, { "vulnerability": "VCID-epah-7729-rqba" }, { "vulnerability": "VCID-f55k-m678-vbfr" }, { "vulnerability": "VCID-fyxq-vtfm-s3ec" }, { "vulnerability": "VCID-k89y-aedv-uugd" }, { "vulnerability": "VCID-kwns-m3j3-8kb7" }, { "vulnerability": "VCID-q3he-ta5n-hkec" }, { "vulnerability": "VCID-q7dx-jb8e-wua4" }, { "vulnerability": "VCID-smd5-xy65-jufc" }, { "vulnerability": "VCID-trdq-rcjg-s7gy" }, { "vulnerability": "VCID-wau9-knn5-vqbp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.13.0-ci0000" } ], "aliases": [ "CVE-2021-31858" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tfyx-ssz9-1qah" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101151?format=api", "vulnerability_id": "VCID-trdq-rcjg-s7gy", "summary": "DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.1.0, arbitrary themes can be loaded through query parameters. If an installed theme had a vulnerability, even if it was not used on any page, this could be loaded on unsuspecting clients without knowledge of the site owner. This issue has been patched in version 10.1.0.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-59535", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00126", "scoring_system": "epss", "scoring_elements": "0.31369", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00126", "scoring_system": "epss", "scoring_elements": "0.31561", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00126", "scoring_system": "epss", "scoring_elements": "0.31579", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-59535" }, { "reference_url": "https://dnncommunity.org/?SkinSrc=%5BG%5Dskins%2Fxcillion%2Fhome&ContainerSrc=%5BG%5DContainers%2FXcillion%2FNoTitle", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://dnncommunity.org/?SkinSrc=%5BG%5Dskins%2Fxcillion%2Fhome&ContainerSrc=%5BG%5DContainers%2FXcillion%2FNoTitle" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59535", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59535" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform/commit/72f30f69fd2214d77f6c2577dfcca495a24caf5c", "reference_id": "72f30f69fd2214d77f6c2577dfcca495a24caf5c", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-23T20:08:12Z/" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform/commit/72f30f69fd2214d77f6c2577dfcca495a24caf5c" }, { "reference_url": "https://github.com/advisories/GHSA-wq2j-w9pm-7x2p", "reference_id": "GHSA-wq2j-w9pm-7x2p", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-wq2j-w9pm-7x2p" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-wq2j-w9pm-7x2p", "reference_id": "GHSA-wq2j-w9pm-7x2p", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-23T20:08:12Z/" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-wq2j-w9pm-7x2p" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform/blob/develop/DNN%20Platform/Library/UI/Skins/Skin.cs#L305", "reference_id": "Skin.cs#L305", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-23T20:08:12Z/" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform/blob/develop/DNN%20Platform/Library/UI/Skins/Skin.cs#L305" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/376615?format=api", "purl": "pkg:nuget/DotNetNuke.Core@10.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6227-44sm-nkbb" }, { "vulnerability": "VCID-axxm-bb71-33dj" }, { "vulnerability": "VCID-fyxq-vtfm-s3ec" }, { "vulnerability": "VCID-k89y-aedv-uugd" }, { "vulnerability": "VCID-kwns-m3j3-8kb7" }, { "vulnerability": "VCID-q7dx-jb8e-wua4" }, { "vulnerability": "VCID-smd5-xy65-jufc" }, { "vulnerability": "VCID-wau9-knn5-vqbp" }, { "vulnerability": "VCID-z9tg-26ja-c7hw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@10.1.0" } ], "aliases": [ "CVE-2025-59535", "GHSA-wq2j-w9pm-7x2p" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-trdq-rcjg-s7gy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/329524?format=api", "vulnerability_id": "VCID-w7dd-uzf2-d7au", "summary": "", "references": [ { "reference_url": "http://packetstormsecurity.com/files/156489/DotNetNuke-CMS-9.4.4-Zip-Directory-Traversal.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://packetstormsecurity.com/files/156489/DotNetNuke-CMS-9.4.4-Zip-Directory-Traversal.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-5187", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00709", "scoring_system": "epss", "scoring_elements": "0.72682", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00709", "scoring_system": "epss", "scoring_elements": "0.72758", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00709", "scoring_system": "epss", "scoring_elements": "0.72774", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00709", "scoring_system": "epss", "scoring_elements": "0.72771", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-5187" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-5187", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-5187" }, { "reference_url": "https://github.com/advisories/GHSA-4qf5-7xc2-wqpg", "reference_id": "GHSA-4qf5-7xc2-wqpg", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4qf5-7xc2-wqpg" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/385270?format=api", "purl": "pkg:nuget/DotNetNuke.Core@9.5.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2d1y-21mg-9kdx" }, { "vulnerability": "VCID-4wd1-t7cm-9yd2" }, { "vulnerability": "VCID-6227-44sm-nkbb" }, { "vulnerability": "VCID-76dr-n4fx-nud6" }, { "vulnerability": "VCID-as6z-jr8m-6kbm" }, { "vulnerability": "VCID-axxm-bb71-33dj" }, { "vulnerability": "VCID-c87b-2p6c-xqh8" }, { "vulnerability": "VCID-eaz6-q3m7-4bep" }, { "vulnerability": "VCID-epah-7729-rqba" }, { "vulnerability": "VCID-f55k-m678-vbfr" }, { "vulnerability": "VCID-fyxq-vtfm-s3ec" }, { "vulnerability": "VCID-gkac-w1q4-wfgw" }, { "vulnerability": "VCID-k89y-aedv-uugd" }, { "vulnerability": "VCID-kwns-m3j3-8kb7" }, { "vulnerability": "VCID-q3he-ta5n-hkec" }, { "vulnerability": "VCID-q7dx-jb8e-wua4" }, { "vulnerability": "VCID-qcc1-r81m-7ud6" }, { "vulnerability": "VCID-smd5-xy65-jufc" }, { "vulnerability": "VCID-tfyx-ssz9-1qah" }, { "vulnerability": "VCID-trdq-rcjg-s7gy" }, { "vulnerability": "VCID-wau9-knn5-vqbp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.5.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/400849?format=api", "purl": "pkg:nuget/DotNetNuke.Core@9.13.0-ci0000", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2d1y-21mg-9kdx" }, { "vulnerability": "VCID-4wd1-t7cm-9yd2" }, { "vulnerability": "VCID-6227-44sm-nkbb" }, { "vulnerability": "VCID-as6z-jr8m-6kbm" }, { "vulnerability": "VCID-axxm-bb71-33dj" }, { "vulnerability": "VCID-c87b-2p6c-xqh8" }, { "vulnerability": "VCID-epah-7729-rqba" }, { "vulnerability": "VCID-f55k-m678-vbfr" }, { "vulnerability": "VCID-fyxq-vtfm-s3ec" }, { "vulnerability": "VCID-k89y-aedv-uugd" }, { "vulnerability": "VCID-kwns-m3j3-8kb7" }, { "vulnerability": "VCID-q3he-ta5n-hkec" }, { "vulnerability": "VCID-q7dx-jb8e-wua4" }, { "vulnerability": "VCID-smd5-xy65-jufc" }, { "vulnerability": "VCID-trdq-rcjg-s7gy" }, { "vulnerability": "VCID-wau9-knn5-vqbp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.13.0-ci0000" } ], "aliases": [ "CVE-2020-5187", "GHSA-4qf5-7xc2-wqpg" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-w7dd-uzf2-d7au" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/159564?format=api", "vulnerability_id": "VCID-xmh6-rwbu-c3bb", "summary": "DNN (aka DotNetNuke) 9.2 through 9.2.2 uses a weak encryption algorithm to protect input parameters. NOTE: this issue exists because of an incomplete fix for CVE-2018-15811.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-18325", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.92916", "scoring_system": "epss", "scoring_elements": "0.99783", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-18325" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform" }, { "reference_url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-18325", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-18325" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-18325", "reference_id": "CVE-2018-18325", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-18325" }, { "reference_url": "http://packetstormsecurity.com/files/157080/DotNetNuke-Cookie-Deserialization-Remote-Code-Execution.html", "reference_id": "DotNetNuke-Cookie-Deserialization-Remote-Code-Execution.html", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-04T20:15:01Z/" } ], "url": "http://packetstormsecurity.com/files/157080/DotNetNuke-Cookie-Deserialization-Remote-Code-Execution.html" }, { "reference_url": "https://github.com/advisories/GHSA-j3g9-6fx5-gjv7", "reference_id": "GHSA-j3g9-6fx5-gjv7", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-j3g9-6fx5-gjv7" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform/releases", "reference_id": "releases", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-04T20:15:01Z/" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform/releases" }, { "reference_url": "https://www.dnnsoftware.com/community/security/security-center", "reference_id": "security-center", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-04T20:15:01Z/" } ], "url": "https://www.dnnsoftware.com/community/security/security-center" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/15432?format=api", "purl": "pkg:nuget/DotNetNuke.Core@9.3.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2d1y-21mg-9kdx" }, { "vulnerability": "VCID-4wd1-t7cm-9yd2" }, { "vulnerability": "VCID-6227-44sm-nkbb" }, { "vulnerability": "VCID-76dr-n4fx-nud6" }, { "vulnerability": "VCID-as6z-jr8m-6kbm" }, { "vulnerability": "VCID-axxm-bb71-33dj" }, { "vulnerability": "VCID-c87b-2p6c-xqh8" }, { "vulnerability": "VCID-eaz6-q3m7-4bep" }, { "vulnerability": "VCID-epah-7729-rqba" }, { "vulnerability": "VCID-f55k-m678-vbfr" }, { "vulnerability": "VCID-fyxq-vtfm-s3ec" }, { "vulnerability": "VCID-gkac-w1q4-wfgw" }, { "vulnerability": "VCID-hdzp-q5cp-uuf5" }, { "vulnerability": "VCID-k89y-aedv-uugd" }, { "vulnerability": "VCID-kwns-m3j3-8kb7" }, { "vulnerability": "VCID-q3he-ta5n-hkec" }, { "vulnerability": "VCID-q7dx-jb8e-wua4" }, { "vulnerability": "VCID-smd5-xy65-jufc" }, { "vulnerability": "VCID-tc3h-gp3h-euf9" }, { "vulnerability": "VCID-tfyx-ssz9-1qah" }, { "vulnerability": "VCID-trdq-rcjg-s7gy" }, { "vulnerability": "VCID-w7dd-uzf2-d7au" }, { "vulnerability": "VCID-wau9-knn5-vqbp" }, { "vulnerability": "VCID-z31q-4wvb-gfhp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.3.0" } ], "aliases": [ "CVE-2018-18325", "GHSA-j3g9-6fx5-gjv7" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xmh6-rwbu-c3bb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/204257?format=api", "vulnerability_id": "VCID-z31q-4wvb-gfhp", "summary": "Stored Cross-Site Scripting vulnerability in admin component of DotNetNuke", "references": [ { "reference_url": "http://packetstormsecurity.com/files/154673/DotNetNuke-Cross-Site-Scripting.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://packetstormsecurity.com/files/154673/DotNetNuke-Cross-Site-Scripting.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12562", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.38668", "scoring_system": "epss", "scoring_elements": "0.9735", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.38668", "scoring_system": "epss", "scoring_elements": "0.9736", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.38668", "scoring_system": "epss", "scoring_elements": "0.97358", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12562" }, { "reference_url": "https://mayaseven.com/cve-2019-12562-stored-cross-site-scripting-in-dotnetnuke-dnn-version-v9-3-2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://mayaseven.com/cve-2019-12562-stored-cross-site-scripting-in-dotnetnuke-dnn-version-v9-3-2" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/47448.py", "reference_id": "CVE-2019-12562", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/47448.py" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12562", "reference_id": "CVE-2019-12562", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12562" }, { "reference_url": "https://mayaseven.com/cve-2019-12562-stored-cross-site-scripting-in-dotnetnuke-dnn-version-v9-3-2/", "reference_id": "CVE-2019-12562-STORED-CROSS-SITE-SCRIPTING-IN-DOTNETNUKE-DNN-VERSION-V9-3-2", "reference_type": "", "scores": [], "url": "https://mayaseven.com/cve-2019-12562-stored-cross-site-scripting-in-dotnetnuke-dnn-version-v9-3-2/" }, { "reference_url": "https://github.com/advisories/GHSA-5whq-j5qg-wjvp", "reference_id": "GHSA-5whq-j5qg-wjvp", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5whq-j5qg-wjvp" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/15775?format=api", "purl": "pkg:nuget/DotNetNuke.Core@9.4.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2d1y-21mg-9kdx" }, { "vulnerability": "VCID-4wd1-t7cm-9yd2" }, { "vulnerability": "VCID-6227-44sm-nkbb" }, { "vulnerability": "VCID-76dr-n4fx-nud6" }, { "vulnerability": "VCID-as6z-jr8m-6kbm" }, { "vulnerability": "VCID-axxm-bb71-33dj" }, { "vulnerability": "VCID-c87b-2p6c-xqh8" }, { "vulnerability": "VCID-eaz6-q3m7-4bep" }, { "vulnerability": "VCID-epah-7729-rqba" }, { "vulnerability": "VCID-f55k-m678-vbfr" }, { "vulnerability": "VCID-fyxq-vtfm-s3ec" }, { "vulnerability": "VCID-gkac-w1q4-wfgw" }, { "vulnerability": "VCID-hdzp-q5cp-uuf5" }, { "vulnerability": "VCID-k89y-aedv-uugd" }, { "vulnerability": "VCID-kwns-m3j3-8kb7" }, { "vulnerability": "VCID-q3he-ta5n-hkec" }, { "vulnerability": "VCID-q7dx-jb8e-wua4" }, { "vulnerability": "VCID-smd5-xy65-jufc" }, { "vulnerability": "VCID-tc3h-gp3h-euf9" }, { "vulnerability": "VCID-tfyx-ssz9-1qah" }, { "vulnerability": "VCID-trdq-rcjg-s7gy" }, { "vulnerability": "VCID-w7dd-uzf2-d7au" }, { "vulnerability": "VCID-wau9-knn5-vqbp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.4.0" } ], "aliases": [ "CVE-2019-12562", "GHSA-5whq-j5qg-wjvp" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-z31q-4wvb-gfhp" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/258428?format=api", "vulnerability_id": "VCID-g1v2-vd5w-d7af", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-4514", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0278", "scoring_system": "epss", "scoring_elements": "0.86383", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.0278", "scoring_system": "epss", "scoring_elements": "0.86434", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.0278", "scoring_system": "epss", "scoring_elements": "0.86444", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.0278", "scoring_system": "epss", "scoring_elements": "0.86442", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-4514" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2010-4514", "reference_id": "CVE-2010-4514", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-4514" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/asp/webapps/35045.txt", "reference_id": "CVE-2010-4514;OSVDB-69686", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/asp/webapps/35045.txt" }, { "reference_url": "https://www.securityfocus.com/bid/45180/info", "reference_id": "CVE-2010-4514;OSVDB-69686", "reference_type": "exploit", "scores": [], "url": "https://www.securityfocus.com/bid/45180/info" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/387802?format=api", "purl": "pkg:nuget/DotNetNuke.Core@6.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2d1y-21mg-9kdx" }, { "vulnerability": "VCID-2wya-nj46-dff2" }, { "vulnerability": "VCID-4wd1-t7cm-9yd2" }, { "vulnerability": "VCID-5eqv-4vr8-9ug1" }, { "vulnerability": "VCID-76dr-n4fx-nud6" }, { "vulnerability": "VCID-8vft-tfmv-5qfr" }, { "vulnerability": "VCID-9bhd-qqr2-1yhy" }, { "vulnerability": "VCID-as6z-jr8m-6kbm" }, { "vulnerability": "VCID-axxm-bb71-33dj" }, { "vulnerability": "VCID-bmfr-jaur-3kfq" }, { "vulnerability": "VCID-c87b-2p6c-xqh8" }, { "vulnerability": "VCID-epah-7729-rqba" }, { "vulnerability": "VCID-f55k-m678-vbfr" }, { "vulnerability": "VCID-fyxq-vtfm-s3ec" }, { "vulnerability": "VCID-gkac-w1q4-wfgw" }, { "vulnerability": "VCID-hdzp-q5cp-uuf5" }, { "vulnerability": "VCID-j6vd-2rnp-n7e5" }, { "vulnerability": "VCID-jcyr-1pnk-e3er" }, { "vulnerability": "VCID-kwns-m3j3-8kb7" }, { "vulnerability": "VCID-q3he-ta5n-hkec" }, { "vulnerability": "VCID-q3w4-ejd5-pqfz" }, { "vulnerability": "VCID-q7dx-jb8e-wua4" }, { "vulnerability": "VCID-qk9a-b246-tfeh" }, { "vulnerability": "VCID-smd5-xy65-jufc" }, { "vulnerability": "VCID-tc3h-gp3h-euf9" }, { "vulnerability": "VCID-tfyx-ssz9-1qah" }, { "vulnerability": "VCID-trdq-rcjg-s7gy" }, { "vulnerability": "VCID-w7dd-uzf2-d7au" }, { "vulnerability": "VCID-xmh6-rwbu-c3bb" }, { "vulnerability": "VCID-z31q-4wvb-gfhp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@6.0.0" } ], "aliases": [ "CVE-2010-4514" ], "risk_score": null, "exploitability": "2.0", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g1v2-vd5w-d7af" } ], "risk_score": "10.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@6.0.0" }