Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/56012?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/56012?format=api", "purl": "pkg:nuget/DotNetNuke.Core@9.2.0.366", "type": "nuget", "namespace": "", "name": "DotNetNuke.Core", "version": "9.2.0.366", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "10.2.2", "latest_non_vulnerable_version": "10.2.2", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/41152?format=api", "vulnerability_id": "VCID-2dnh-g597-juce", "summary": "Inadequate Encryption Strength in DotNetNuke\nDNN (aka DotNetNuke) 9.2 through 9.2.2 uses a weak encryption algorithm to protect input parameters. NOTE: this issue exists because of an incomplete fix for CVE-2018-15811.", "references": [ { "reference_url": "http://packetstormsecurity.com/files/157080/DotNetNuke-Cookie-Deserialization-Remote-Code-Execution.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-04T20:15:01Z/" } ], "url": "http://packetstormsecurity.com/files/157080/DotNetNuke-Cookie-Deserialization-Remote-Code-Execution.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-18325", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.92916", "scoring_system": "epss", "scoring_elements": "0.9978", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.92916", "scoring_system": "epss", "scoring_elements": "0.99781", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-18325" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform/releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-04T20:15:01Z/" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform/releases" }, { "reference_url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-18325", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-18325" }, { "reference_url": "https://www.dnnsoftware.com/community/security/security-center", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-04T20:15:01Z/" } ], "url": "https://www.dnnsoftware.com/community/security/security-center" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-18325", "reference_id": "CVE-2018-18325", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-18325" }, { "reference_url": "https://github.com/advisories/GHSA-j3g9-6fx5-gjv7", "reference_id": "GHSA-j3g9-6fx5-gjv7", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-j3g9-6fx5-gjv7" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/58274?format=api", "purl": "pkg:nuget/DotNetNuke.Core@9.3.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3b3m-76g5-5kfm" }, { "vulnerability": "VCID-3e7c-8uk1-ruch" }, { "vulnerability": "VCID-7u59-m3nn-q3gj" }, { "vulnerability": "VCID-cs7y-gg46-r3ca" }, { "vulnerability": "VCID-e5pw-7tpb-qyb8" }, { "vulnerability": "VCID-erck-k36n-2yd2" }, { "vulnerability": "VCID-hdn9-z9eh-abfx" }, { "vulnerability": "VCID-k8b8-4muv-gye5" }, { "vulnerability": "VCID-ky3u-4syg-3yat" }, { "vulnerability": "VCID-m5hg-ajyc-3qf1" }, { "vulnerability": "VCID-m9cg-wd76-zqcy" }, { "vulnerability": "VCID-msru-ycnu-zuhe" }, { "vulnerability": "VCID-nn2y-9sk9-kugc" }, { "vulnerability": "VCID-pnw1-8knr-7qhc" }, { "vulnerability": "VCID-q3bw-2pvk-17dg" }, { "vulnerability": "VCID-q97q-u1zk-rqhd" }, { "vulnerability": "VCID-qscj-d21p-nfby" }, { "vulnerability": "VCID-r799-28wr-23bu" }, { "vulnerability": "VCID-s3s5-gwjg-rqgv" }, { "vulnerability": "VCID-uc59-7c8z-6kbd" }, { "vulnerability": "VCID-v7s2-8wh8-kydw" }, { "vulnerability": "VCID-y61z-d6sj-qucc" }, { "vulnerability": "VCID-y9ym-w5m9-e3bs" }, { "vulnerability": "VCID-zfex-gefk-byfa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.3.0" } ], "aliases": [ "CVE-2018-18325", "GHSA-j3g9-6fx5-gjv7" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2dnh-g597-juce" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/108945?format=api", "vulnerability_id": "VCID-3b3m-76g5-5kfm", "summary": "DNN vulnerable to Relative Path Traversal\nDNN (GitHub repository dnnsoftware/dnn.platform) prior to 9.11.0 is vulnerable to Relative Path Traversal. Version 9.11.0 contains a patch for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-2922", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00453", "scoring_system": "epss", "scoring_elements": "0.64126", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00453", "scoring_system": "epss", "scoring_elements": "0.64135", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00453", "scoring_system": "epss", "scoring_elements": "0.64083", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-2922" }, { "reference_url": "https://github.com/dnnsoftware/dnn.platform", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dnnsoftware/dnn.platform" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform/commit/3697c5344cef8d49214230f0cc2efcd9e93a00a8", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform/commit/3697c5344cef8d49214230f0cc2efcd9e93a00a8" }, { "reference_url": "https://github.com/dnnsoftware/dnn.platform/commit/9b17351592fbde376506ba6705dbcc7a74a2a195", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-20T16:03:27Z/" } ], "url": "https://github.com/dnnsoftware/dnn.platform/commit/9b17351592fbde376506ba6705dbcc7a74a2a195" }, { "reference_url": "https://huntr.dev/bounties/74918f40-dc11-4218-abef-064eb71a0703", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-20T16:03:27Z/" } ], "url": "https://huntr.dev/bounties/74918f40-dc11-4218-abef-064eb71a0703" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2922", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2922" }, { "reference_url": "https://github.com/advisories/GHSA-9w72-2f23-57gm", "reference_id": "GHSA-9w72-2f23-57gm", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9w72-2f23-57gm" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/145123?format=api", "purl": "pkg:nuget/DotNetNuke.Core@9.11.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7u59-m3nn-q3gj" }, { "vulnerability": "VCID-cs7y-gg46-r3ca" }, { "vulnerability": "VCID-e5pw-7tpb-qyb8" }, { "vulnerability": "VCID-erck-k36n-2yd2" }, { "vulnerability": "VCID-hdn9-z9eh-abfx" }, { "vulnerability": "VCID-k8b8-4muv-gye5" }, { "vulnerability": "VCID-m9cg-wd76-zqcy" }, { "vulnerability": "VCID-msru-ycnu-zuhe" }, { "vulnerability": "VCID-nn2y-9sk9-kugc" }, { "vulnerability": "VCID-q3bw-2pvk-17dg" }, { "vulnerability": "VCID-q97q-u1zk-rqhd" }, { "vulnerability": "VCID-r799-28wr-23bu" }, { "vulnerability": "VCID-s3s5-gwjg-rqgv" }, { "vulnerability": "VCID-v7s2-8wh8-kydw" }, { "vulnerability": "VCID-y61z-d6sj-qucc" }, { "vulnerability": "VCID-zfex-gefk-byfa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.11.0" } ], "aliases": [ "CVE-2022-2922", "GHSA-9w72-2f23-57gm" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3b3m-76g5-5kfm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51854?format=api", "vulnerability_id": "VCID-3e7c-8uk1-ruch", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nStored Cross-Site Scripting in DotNetNuke (DNN) allows remote attackers to store and embed the malicious script into the admin notification page. The exploit could be used to perfom any action with admin privileges such as managing content, adding users, uploading backdoors to the server, etc. Successful exploitation occurs when an admin user visits a notification page with stored cross-site scripting.", "references": [ { "reference_url": "http://packetstormsecurity.com/files/154673/DotNetNuke-Cross-Site-Scripting.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://packetstormsecurity.com/files/154673/DotNetNuke-Cross-Site-Scripting.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12562", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.38668", "scoring_system": "epss", "scoring_elements": "0.97339", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.38668", "scoring_system": "epss", "scoring_elements": "0.97334", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.38668", "scoring_system": "epss", "scoring_elements": "0.97338", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12562" }, { "reference_url": "https://mayaseven.com/cve-2019-12562-stored-cross-site-scripting-in-dotnetnuke-dnn-version-v9-3-2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://mayaseven.com/cve-2019-12562-stored-cross-site-scripting-in-dotnetnuke-dnn-version-v9-3-2" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/47448.py", "reference_id": "CVE-2019-12562", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/47448.py" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12562", "reference_id": "CVE-2019-12562", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12562" }, { "reference_url": "https://mayaseven.com/cve-2019-12562-stored-cross-site-scripting-in-dotnetnuke-dnn-version-v9-3-2/", "reference_id": "CVE-2019-12562-STORED-CROSS-SITE-SCRIPTING-IN-DOTNETNUKE-DNN-VERSION-V9-3-2", "reference_type": "", "scores": [], "url": "https://mayaseven.com/cve-2019-12562-stored-cross-site-scripting-in-dotnetnuke-dnn-version-v9-3-2/" }, { "reference_url": "https://github.com/advisories/GHSA-5whq-j5qg-wjvp", "reference_id": "GHSA-5whq-j5qg-wjvp", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5whq-j5qg-wjvp" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/75993?format=api", "purl": "pkg:nuget/DotNetNuke.Core@9.4.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3b3m-76g5-5kfm" }, { "vulnerability": "VCID-7u59-m3nn-q3gj" }, { "vulnerability": "VCID-cs7y-gg46-r3ca" }, { "vulnerability": "VCID-e5pw-7tpb-qyb8" }, { "vulnerability": "VCID-erck-k36n-2yd2" }, { "vulnerability": "VCID-hdn9-z9eh-abfx" }, { "vulnerability": "VCID-k8b8-4muv-gye5" }, { "vulnerability": "VCID-ky3u-4syg-3yat" }, { "vulnerability": "VCID-m5hg-ajyc-3qf1" }, { "vulnerability": "VCID-m9cg-wd76-zqcy" }, { "vulnerability": "VCID-msru-ycnu-zuhe" }, { "vulnerability": "VCID-nn2y-9sk9-kugc" }, { "vulnerability": "VCID-pnw1-8knr-7qhc" }, { "vulnerability": "VCID-q3bw-2pvk-17dg" }, { "vulnerability": "VCID-q97q-u1zk-rqhd" }, { "vulnerability": "VCID-qscj-d21p-nfby" }, { "vulnerability": "VCID-r799-28wr-23bu" }, { "vulnerability": "VCID-s3s5-gwjg-rqgv" }, { "vulnerability": "VCID-uc59-7c8z-6kbd" }, { "vulnerability": "VCID-v7s2-8wh8-kydw" }, { "vulnerability": "VCID-y61z-d6sj-qucc" }, { "vulnerability": "VCID-y9ym-w5m9-e3bs" }, { "vulnerability": "VCID-zfex-gefk-byfa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.4.0" } ], "aliases": [ "CVE-2019-12562", "GHSA-5whq-j5qg-wjvp" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3e7c-8uk1-ruch" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89773?format=api", "vulnerability_id": "VCID-7u59-m3nn-q3gj", "summary": "DotNetNuke.Core has stored cross-site-scripting (XSS) via SVG upload\nDNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.2.2, a user could upload a specially crafted SVG file that could include scripts that can target both authenticated and unauthenticated DNN users. The impact is increased if the scripts are run by a power user. Version 10.2.2 patches the issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-40321", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.0611", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.06122", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-40321" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform/releases/tag/v10.2.2", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H" }, { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-20T16:00:34Z/" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform/releases/tag/v10.2.2" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-ffq7-898w-9jc4", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H" }, { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-20T16:00:34Z/" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-ffq7-898w-9jc4" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40321", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40321" }, { "reference_url": "https://github.com/advisories/GHSA-ffq7-898w-9jc4", "reference_id": "GHSA-ffq7-898w-9jc4", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-ffq7-898w-9jc4" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/110262?format=api", "purl": "pkg:nuget/DotNetNuke.Core@10.2.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@10.2.2" } ], "aliases": [ "CVE-2026-40321", "GHSA-ffq7-898w-9jc4" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7u59-m3nn-q3gj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/49885?format=api", "vulnerability_id": "VCID-cs7y-gg46-r3ca", "summary": "DotNetNuke.Core Vulnerable to Stored XSS in Scheduler LogNotes\nExtensions could write richtext in log notes which can include scripts that would run in the PersonaBar when displayed.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-24836", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04161", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-24836" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24836", "reference_id": "CVE-2026-24836", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24836" }, { "reference_url": "https://github.com/advisories/GHSA-2g5g-hcgh-q3rp", "reference_id": "GHSA-2g5g-hcgh-q3rp", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-2g5g-hcgh-q3rp" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-2g5g-hcgh-q3rp", "reference_id": "GHSA-2g5g-hcgh-q3rp", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H" }, { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-28T21:04:00Z/" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-2g5g-hcgh-q3rp" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/73660?format=api", "purl": "pkg:nuget/DotNetNuke.Core@10.2.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-77qd-hb2k-8uam" }, { "vulnerability": "VCID-7u59-m3nn-q3gj" }, { "vulnerability": "VCID-k8b8-4muv-gye5" }, { "vulnerability": "VCID-s3s5-gwjg-rqgv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@10.2.0" } ], "aliases": [ "CVE-2026-24836", "GHSA-2g5g-hcgh-q3rp" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cs7y-gg46-r3ca" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/41151?format=api", "vulnerability_id": "VCID-dnf9-9hrt-1qfx", "summary": "Inadequate Encryption Strength in DotNetNuke\nDNN (aka DotNetNuke) 9.2 through 9.2.1 uses a weak encryption algorithm to protect input parameters.", "references": [ { "reference_url": "http://packetstormsecurity.com/files/157080/DotNetNuke-Cookie-Deserialization-Remote-Code-Execution.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-04T20:15:46Z/" } ], "url": "http://packetstormsecurity.com/files/157080/DotNetNuke-Cookie-Deserialization-Remote-Code-Execution.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-15811", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.92962", "scoring_system": "epss", "scoring_elements": "0.99784", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.92962", "scoring_system": "epss", "scoring_elements": "0.99785", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-15811" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform/releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-04T20:15:46Z/" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform/releases" }, { "reference_url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-15811", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-15811" }, { "reference_url": "https://www.dnnsoftware.com/community/security/security-center", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-04T20:15:46Z/" } ], "url": "https://www.dnnsoftware.com/community/security/security-center" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-15811", "reference_id": "CVE-2018-15811", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-15811" }, { "reference_url": "https://github.com/advisories/GHSA-h595-8pw6-5q6v", "reference_id": "GHSA-h595-8pw6-5q6v", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-h595-8pw6-5q6v" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/58277?format=api", "purl": "pkg:nuget/DotNetNuke.Core@9.2.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-uk5d-ubkt-6fhn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.2.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/58274?format=api", "purl": "pkg:nuget/DotNetNuke.Core@9.3.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3b3m-76g5-5kfm" }, { "vulnerability": "VCID-3e7c-8uk1-ruch" }, { "vulnerability": "VCID-7u59-m3nn-q3gj" }, { "vulnerability": "VCID-cs7y-gg46-r3ca" }, { "vulnerability": "VCID-e5pw-7tpb-qyb8" }, { "vulnerability": "VCID-erck-k36n-2yd2" }, { "vulnerability": "VCID-hdn9-z9eh-abfx" }, { "vulnerability": "VCID-k8b8-4muv-gye5" }, { "vulnerability": "VCID-ky3u-4syg-3yat" }, { "vulnerability": "VCID-m5hg-ajyc-3qf1" }, { "vulnerability": "VCID-m9cg-wd76-zqcy" }, { "vulnerability": "VCID-msru-ycnu-zuhe" }, { "vulnerability": "VCID-nn2y-9sk9-kugc" }, { "vulnerability": "VCID-pnw1-8knr-7qhc" }, { "vulnerability": "VCID-q3bw-2pvk-17dg" }, { "vulnerability": "VCID-q97q-u1zk-rqhd" }, { "vulnerability": "VCID-qscj-d21p-nfby" }, { "vulnerability": "VCID-r799-28wr-23bu" }, { "vulnerability": "VCID-s3s5-gwjg-rqgv" }, { "vulnerability": "VCID-uc59-7c8z-6kbd" }, { "vulnerability": "VCID-v7s2-8wh8-kydw" }, { "vulnerability": "VCID-y61z-d6sj-qucc" }, { "vulnerability": "VCID-y9ym-w5m9-e3bs" }, { "vulnerability": "VCID-zfex-gefk-byfa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.3.0" } ], "aliases": [ "CVE-2018-15811", "GHSA-h595-8pw6-5q6v" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dnf9-9hrt-1qfx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/48225?format=api", "vulnerability_id": "VCID-e5pw-7tpb-qyb8", "summary": "DNN vulnerable to stored cross-site-scripting (XSS) via SVG upload\nSanitization of the content of uploaded SVG files was not covering all possible XSS scenarios.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-64094", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.07548", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.0754", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-64094" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64094", "reference_id": "CVE-2025-64094", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64094" }, { "reference_url": "https://github.com/advisories/GHSA-hmvq-8p83-cq52", "reference_id": "GHSA-hmvq-8p83-cq52", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-hmvq-8p83-cq52" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-hmvq-8p83-cq52", "reference_id": "GHSA-hmvq-8p83-cq52", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-29T14:51:54Z/" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-hmvq-8p83-cq52" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/71228?format=api", "purl": "pkg:nuget/DotNetNuke.Core@10.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-77qd-hb2k-8uam" }, { "vulnerability": "VCID-7u59-m3nn-q3gj" }, { "vulnerability": "VCID-cs7y-gg46-r3ca" }, { "vulnerability": "VCID-k8b8-4muv-gye5" }, { "vulnerability": "VCID-q3bw-2pvk-17dg" }, { "vulnerability": "VCID-q97q-u1zk-rqhd" }, { "vulnerability": "VCID-r799-28wr-23bu" }, { "vulnerability": "VCID-s3s5-gwjg-rqgv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@10.1.1" } ], "aliases": [ "CVE-2025-64094", "GHSA-hmvq-8p83-cq52" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e5pw-7tpb-qyb8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/47830?format=api", "vulnerability_id": "VCID-erck-k36n-2yd2", "summary": "DNN allows loading unused themes on anonymous clients through query parameters\nArbitrary themes can be loaded through query parameters. If an installed theme had a vulnerability, even if it was not used on any page, this could be loaded on unsuspecting clients without knowledge of the site owner.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-59535", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00107", "scoring_system": "epss", "scoring_elements": "0.28453", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00107", "scoring_system": "epss", "scoring_elements": "0.28494", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-59535" }, { "reference_url": "https://dnncommunity.org/?SkinSrc=%5BG%5Dskins%2Fxcillion%2Fhome&ContainerSrc=%5BG%5DContainers%2FXcillion%2FNoTitle", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://dnncommunity.org/?SkinSrc=%5BG%5Dskins%2Fxcillion%2Fhome&ContainerSrc=%5BG%5DContainers%2FXcillion%2FNoTitle" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform/blob/develop/DNN%20Platform/Library/UI/Skins/Skin.cs#L305", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-23T20:08:12Z/" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform/blob/develop/DNN%20Platform/Library/UI/Skins/Skin.cs#L305" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform/commit/72f30f69fd2214d77f6c2577dfcca495a24caf5c", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-23T20:08:12Z/" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform/commit/72f30f69fd2214d77f6c2577dfcca495a24caf5c" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59535", "reference_id": "CVE-2025-59535", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59535" }, { "reference_url": "https://github.com/advisories/GHSA-wq2j-w9pm-7x2p", "reference_id": "GHSA-wq2j-w9pm-7x2p", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-wq2j-w9pm-7x2p" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-wq2j-w9pm-7x2p", "reference_id": "GHSA-wq2j-w9pm-7x2p", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-23T20:08:12Z/" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-wq2j-w9pm-7x2p" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/70574?format=api", "purl": "pkg:nuget/DotNetNuke.Core@10.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-77qd-hb2k-8uam" }, { "vulnerability": "VCID-7u59-m3nn-q3gj" }, { "vulnerability": "VCID-cs7y-gg46-r3ca" }, { "vulnerability": "VCID-e5pw-7tpb-qyb8" }, { "vulnerability": "VCID-k8b8-4muv-gye5" }, { "vulnerability": "VCID-q3bw-2pvk-17dg" }, { "vulnerability": "VCID-q97q-u1zk-rqhd" }, { "vulnerability": "VCID-r799-28wr-23bu" }, { "vulnerability": "VCID-s3s5-gwjg-rqgv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@10.1.0" } ], "aliases": [ "CVE-2025-59535", "GHSA-wq2j-w9pm-7x2p" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-erck-k36n-2yd2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57111?format=api", "vulnerability_id": "VCID-hdn9-z9eh-abfx", "summary": "DotNetNuke.Core Vulnerable to Server-Side Request Forgery (SSRF)\nA bypass has been identified for the previously known vulnerability CVE-2017-0929, allowing unauthenticated attackers to execute arbitrary GET requests against target systems, including internal or adjacent networks.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-32372", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00102", "scoring_system": "epss", "scoring_elements": "0.27663", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00102", "scoring_system": "epss", "scoring_elements": "0.27715", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-32372" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform/commit/4721dd9eef846936d3b1a3676499e46968d15feb", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-09T15:39:52Z/" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform/commit/4721dd9eef846936d3b1a3676499e46968d15feb" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32372", "reference_id": "CVE-2025-32372", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32372" }, { "reference_url": "https://github.com/advisories/GHSA-3f7v-qx94-666m", "reference_id": "GHSA-3f7v-qx94-666m", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-3f7v-qx94-666m" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-3f7v-qx94-666m", "reference_id": "GHSA-3f7v-qx94-666m", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-09T15:39:52Z/" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-3f7v-qx94-666m" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/84801?format=api", "purl": "pkg:nuget/DotNetNuke.Core@9.13.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7u59-m3nn-q3gj" }, { "vulnerability": "VCID-cs7y-gg46-r3ca" }, { "vulnerability": "VCID-e5pw-7tpb-qyb8" }, { "vulnerability": "VCID-erck-k36n-2yd2" }, { "vulnerability": "VCID-k8b8-4muv-gye5" }, { "vulnerability": "VCID-m9cg-wd76-zqcy" }, { "vulnerability": "VCID-msru-ycnu-zuhe" }, { "vulnerability": "VCID-nn2y-9sk9-kugc" }, { "vulnerability": "VCID-q3bw-2pvk-17dg" }, { "vulnerability": "VCID-q97q-u1zk-rqhd" }, { "vulnerability": "VCID-r799-28wr-23bu" }, { "vulnerability": "VCID-s3s5-gwjg-rqgv" }, { "vulnerability": "VCID-v7s2-8wh8-kydw" }, { "vulnerability": "VCID-y61z-d6sj-qucc" }, { "vulnerability": "VCID-zfex-gefk-byfa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.13.8" } ], "aliases": [ "CVE-2025-32372", "GHSA-3f7v-qx94-666m" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hdn9-z9eh-abfx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/41144?format=api", "vulnerability_id": "VCID-jw1r-pvtw-d3bz", "summary": "Insufficient Entropy\nDNN (aka DotNetNuke) incorrectly converts encryption key source values, resulting in lower than expected entropy.", "references": [ { "reference_url": "http://packetstormsecurity.com/files/157080/DotNetNuke-Cookie-Deserialization-Remote-Code-Execution.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://packetstormsecurity.com/files/157080/DotNetNuke-Cookie-Deserialization-Remote-Code-Execution.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-15812", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.79178", "scoring_system": "epss", "scoring_elements": "0.99091", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.79178", "scoring_system": "epss", "scoring_elements": "0.99089", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.79178", "scoring_system": "epss", "scoring_elements": "0.9909", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-15812" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform/releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform/releases" }, { "reference_url": "https://www.dnnsoftware.com/community/security/security-center", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.dnnsoftware.com/community/security/security-center" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-15812", "reference_id": "CVE-2018-15812", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-15812" }, { "reference_url": "https://github.com/advisories/GHSA-pf46-gqg9-j3v3", "reference_id": "GHSA-pf46-gqg9-j3v3", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-pf46-gqg9-j3v3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/238555?format=api", "purl": "pkg:nuget/DotNetNuke.Core@9.2.1.533", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2dnh-g597-juce" }, { "vulnerability": "VCID-3b3m-76g5-5kfm" }, { "vulnerability": "VCID-3e7c-8uk1-ruch" }, { "vulnerability": "VCID-7u59-m3nn-q3gj" }, { "vulnerability": "VCID-cs7y-gg46-r3ca" }, { "vulnerability": "VCID-dnf9-9hrt-1qfx" }, { "vulnerability": "VCID-e5pw-7tpb-qyb8" }, { "vulnerability": "VCID-erck-k36n-2yd2" }, { "vulnerability": "VCID-hdn9-z9eh-abfx" }, { "vulnerability": "VCID-k8b8-4muv-gye5" }, { "vulnerability": "VCID-ky3u-4syg-3yat" }, { "vulnerability": "VCID-m5hg-ajyc-3qf1" }, { "vulnerability": "VCID-m9cg-wd76-zqcy" }, { "vulnerability": "VCID-msru-ycnu-zuhe" }, { "vulnerability": "VCID-nn2y-9sk9-kugc" }, { "vulnerability": "VCID-pnw1-8knr-7qhc" }, { "vulnerability": "VCID-q3bw-2pvk-17dg" }, { "vulnerability": "VCID-q97q-u1zk-rqhd" }, { "vulnerability": "VCID-qscj-d21p-nfby" }, { "vulnerability": "VCID-r799-28wr-23bu" }, { "vulnerability": "VCID-s3s5-gwjg-rqgv" }, { "vulnerability": "VCID-uc59-7c8z-6kbd" }, { "vulnerability": "VCID-uk5d-ubkt-6fhn" }, { "vulnerability": "VCID-v7s2-8wh8-kydw" }, { "vulnerability": "VCID-y61z-d6sj-qucc" }, { "vulnerability": "VCID-y9ym-w5m9-e3bs" }, { "vulnerability": "VCID-zfex-gefk-byfa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.2.1.533" }, { "url": "http://public2.vulnerablecode.io/api/packages/58277?format=api", "purl": "pkg:nuget/DotNetNuke.Core@9.2.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-uk5d-ubkt-6fhn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.2.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/58274?format=api", "purl": "pkg:nuget/DotNetNuke.Core@9.3.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3b3m-76g5-5kfm" }, { "vulnerability": "VCID-3e7c-8uk1-ruch" }, { "vulnerability": "VCID-7u59-m3nn-q3gj" }, { "vulnerability": "VCID-cs7y-gg46-r3ca" }, { "vulnerability": "VCID-e5pw-7tpb-qyb8" }, { "vulnerability": "VCID-erck-k36n-2yd2" }, { "vulnerability": "VCID-hdn9-z9eh-abfx" }, { "vulnerability": "VCID-k8b8-4muv-gye5" }, { "vulnerability": "VCID-ky3u-4syg-3yat" }, { "vulnerability": "VCID-m5hg-ajyc-3qf1" }, { "vulnerability": "VCID-m9cg-wd76-zqcy" }, { "vulnerability": "VCID-msru-ycnu-zuhe" }, { "vulnerability": "VCID-nn2y-9sk9-kugc" }, { "vulnerability": "VCID-pnw1-8knr-7qhc" }, { "vulnerability": "VCID-q3bw-2pvk-17dg" }, { "vulnerability": "VCID-q97q-u1zk-rqhd" }, { "vulnerability": "VCID-qscj-d21p-nfby" }, { "vulnerability": "VCID-r799-28wr-23bu" }, { "vulnerability": "VCID-s3s5-gwjg-rqgv" }, { "vulnerability": "VCID-uc59-7c8z-6kbd" }, { "vulnerability": "VCID-v7s2-8wh8-kydw" }, { "vulnerability": "VCID-y61z-d6sj-qucc" }, { "vulnerability": "VCID-y9ym-w5m9-e3bs" }, { "vulnerability": "VCID-zfex-gefk-byfa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.3.0" } ], "aliases": [ "CVE-2018-15812", "GHSA-pf46-gqg9-j3v3" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jw1r-pvtw-d3bz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/90281?format=api", "vulnerability_id": "VCID-k8b8-4muv-gye5", "summary": "DNN: Force Friend Request Acceptance\nDNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Starting in version 6.0.0 and prior to version 10.2.2, in the friends feature, a user could craft a request that would force the acceptance of a friend request on another user. Version 10.2.2 patches the issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-40305", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.10515", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.10536", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-40305" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform/releases/tag/v10.2.2", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-20T13:22:45Z/" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform/releases/tag/v10.2.2" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-fpj4-9qhx-5m6m", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-20T13:22:45Z/" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-fpj4-9qhx-5m6m" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40305", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40305" }, { "reference_url": "https://github.com/advisories/GHSA-fpj4-9qhx-5m6m", "reference_id": "GHSA-fpj4-9qhx-5m6m", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-fpj4-9qhx-5m6m" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/110262?format=api", "purl": "pkg:nuget/DotNetNuke.Core@10.2.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@10.2.2" } ], "aliases": [ "CVE-2026-40305", "GHSA-fpj4-9qhx-5m6m" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k8b8-4muv-gye5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44931?format=api", "vulnerability_id": "VCID-ky3u-4syg-3yat", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nAn arbitrary file upload vulnerability in the Digital Assets Manager module of DNN Corp DotNetNuke v7.0.0 to v9.10.2 allows attackers to execute arbitrary code via a crafted SVG file.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-47053", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00738", "scoring_system": "epss", "scoring_elements": "0.73261", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00738", "scoring_system": "epss", "scoring_elements": "0.73224", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00738", "scoring_system": "epss", "scoring_elements": "0.73267", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-47053" }, { "reference_url": "https://www.dnnsoftware.com/community/security/security-center", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T16:43:29Z/" } ], "url": "https://www.dnnsoftware.com/community/security/security-center" }, { "reference_url": "https://www.dnnsoftware.com/community/security/security-center#:~:text=XSS%20in%20Digital%20Asset%20Manager", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T16:43:29Z/" } ], "url": "https://www.dnnsoftware.com/community/security/security-center#:~:text=XSS%20in%20Digital%20Asset%20Manager" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-47053", "reference_id": "CVE-2022-47053", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-47053" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/145123?format=api", "purl": "pkg:nuget/DotNetNuke.Core@9.11.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7u59-m3nn-q3gj" }, { "vulnerability": "VCID-cs7y-gg46-r3ca" }, { "vulnerability": "VCID-e5pw-7tpb-qyb8" }, { "vulnerability": "VCID-erck-k36n-2yd2" }, { "vulnerability": "VCID-hdn9-z9eh-abfx" }, { "vulnerability": "VCID-k8b8-4muv-gye5" }, { "vulnerability": "VCID-m9cg-wd76-zqcy" }, { "vulnerability": "VCID-msru-ycnu-zuhe" }, { "vulnerability": "VCID-nn2y-9sk9-kugc" }, { "vulnerability": "VCID-q3bw-2pvk-17dg" }, { "vulnerability": "VCID-q97q-u1zk-rqhd" }, { "vulnerability": "VCID-r799-28wr-23bu" }, { "vulnerability": "VCID-s3s5-gwjg-rqgv" }, { "vulnerability": "VCID-v7s2-8wh8-kydw" }, { "vulnerability": "VCID-y61z-d6sj-qucc" }, { "vulnerability": "VCID-zfex-gefk-byfa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.11.0" } ], "aliases": [ "CVE-2022-47053" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ky3u-4syg-3yat" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/52287?format=api", "vulnerability_id": "VCID-m5hg-ajyc-3qf1", "summary": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')\nDNN (formerly DotNetNuke) allows Path Traversal.", "references": [ { "reference_url": "http://packetstormsecurity.com/files/156489/DotNetNuke-CMS-9.4.4-Zip-Directory-Traversal.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://packetstormsecurity.com/files/156489/DotNetNuke-CMS-9.4.4-Zip-Directory-Traversal.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-5187", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00709", "scoring_system": "epss", "scoring_elements": "0.72638", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00709", "scoring_system": "epss", "scoring_elements": "0.72631", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00709", "scoring_system": "epss", "scoring_elements": "0.72591", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-5187" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform/releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform/releases" }, { "reference_url": "https://medium.com/@SajjadPourali/dnn-dotnetnuke-cms-not-as-secure-as-you-think-e8516f789175", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://medium.com/@SajjadPourali/dnn-dotnetnuke-cms-not-as-secure-as-you-think-e8516f789175" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-5187", "reference_id": "CVE-2020-5187", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-5187" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/76732?format=api", "purl": "pkg:nuget/DotNetNuke.Core@9.5.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3b3m-76g5-5kfm" }, { "vulnerability": "VCID-7u59-m3nn-q3gj" }, { "vulnerability": "VCID-cs7y-gg46-r3ca" }, { "vulnerability": "VCID-e5pw-7tpb-qyb8" }, { "vulnerability": "VCID-erck-k36n-2yd2" }, { "vulnerability": "VCID-hdn9-z9eh-abfx" }, { "vulnerability": "VCID-k8b8-4muv-gye5" }, { "vulnerability": "VCID-kcww-jwz6-97fa" }, { "vulnerability": "VCID-ky3u-4syg-3yat" }, { "vulnerability": "VCID-m9cg-wd76-zqcy" }, { "vulnerability": "VCID-msru-ycnu-zuhe" }, { "vulnerability": "VCID-nn2y-9sk9-kugc" }, { "vulnerability": "VCID-pnw1-8knr-7qhc" }, { "vulnerability": "VCID-q3bw-2pvk-17dg" }, { "vulnerability": "VCID-q97q-u1zk-rqhd" }, { "vulnerability": "VCID-r799-28wr-23bu" }, { "vulnerability": "VCID-s3s5-gwjg-rqgv" }, { "vulnerability": "VCID-uc59-7c8z-6kbd" }, { "vulnerability": "VCID-v7s2-8wh8-kydw" }, { "vulnerability": "VCID-y61z-d6sj-qucc" }, { "vulnerability": "VCID-zfex-gefk-byfa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.5.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/198370?format=api", "purl": "pkg:nuget/DotNetNuke.Core@9.13.0-ci0000", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7u59-m3nn-q3gj" }, { "vulnerability": "VCID-cs7y-gg46-r3ca" }, { "vulnerability": "VCID-e5pw-7tpb-qyb8" }, { "vulnerability": "VCID-erck-k36n-2yd2" }, { "vulnerability": "VCID-hdn9-z9eh-abfx" }, { "vulnerability": "VCID-k8b8-4muv-gye5" }, { "vulnerability": "VCID-m9cg-wd76-zqcy" }, { "vulnerability": "VCID-msru-ycnu-zuhe" }, { "vulnerability": "VCID-nn2y-9sk9-kugc" }, { "vulnerability": "VCID-q3bw-2pvk-17dg" }, { "vulnerability": "VCID-q97q-u1zk-rqhd" }, { "vulnerability": "VCID-r799-28wr-23bu" }, { "vulnerability": "VCID-s3s5-gwjg-rqgv" }, { "vulnerability": "VCID-v7s2-8wh8-kydw" }, { "vulnerability": "VCID-y61z-d6sj-qucc" }, { "vulnerability": "VCID-zfex-gefk-byfa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.13.0-ci0000" } ], "aliases": [ "CVE-2020-5187", "GHSA-4qf5-7xc2-wqpg" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m5hg-ajyc-3qf1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/47823?format=api", "vulnerability_id": "VCID-m9cg-wd76-zqcy", "summary": "Duplicate\nThis advisory duplicates another.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-59539", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.08259", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.08247", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-59539" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59539", "reference_id": "CVE-2025-59539", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59539" }, { "reference_url": "https://github.com/advisories/GHSA-7rcc-q6rq-jpcm", "reference_id": "GHSA-7rcc-q6rq-jpcm", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-7rcc-q6rq-jpcm" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-7rcc-q6rq-jpcm", "reference_id": "GHSA-7rcc-q6rq-jpcm", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-23T18:30:23Z/" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-7rcc-q6rq-jpcm" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/70574?format=api", "purl": "pkg:nuget/DotNetNuke.Core@10.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-77qd-hb2k-8uam" }, { "vulnerability": "VCID-7u59-m3nn-q3gj" }, { "vulnerability": "VCID-cs7y-gg46-r3ca" }, { "vulnerability": "VCID-e5pw-7tpb-qyb8" }, { "vulnerability": "VCID-k8b8-4muv-gye5" }, { "vulnerability": "VCID-q3bw-2pvk-17dg" }, { "vulnerability": "VCID-q97q-u1zk-rqhd" }, { "vulnerability": "VCID-r799-28wr-23bu" }, { "vulnerability": "VCID-s3s5-gwjg-rqgv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@10.1.0" } ], "aliases": [ "CVE-2025-59539", "GHSA-7rcc-q6rq-jpcm" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m9cg-wd76-zqcy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/47837?format=api", "vulnerability_id": "VCID-msru-ycnu-zuhe", "summary": "DNN Vulnerable to Stored Cross-Site Scripting (XSS) in the Prompt module\nThe Prompt module allows execution of commands that can return raw HTML. Malicious input, even if sanitized for display elsewhere, can be executed when processed through certain commands, leading to potential script execution (XSS).", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-59545", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.2186", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21872", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-59545" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59545", "reference_id": "CVE-2025-59545", "reference_type": "", "scores": [ { "value": "9.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59545" }, { "reference_url": "https://github.com/advisories/GHSA-2qxc-mf4x-wr29", "reference_id": "GHSA-2qxc-mf4x-wr29", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-2qxc-mf4x-wr29" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-2qxc-mf4x-wr29", "reference_id": "GHSA-2qxc-mf4x-wr29", "reference_type": "", "scores": [ { "value": "9.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H" }, { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-23T18:30:12Z/" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-2qxc-mf4x-wr29" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/70574?format=api", "purl": "pkg:nuget/DotNetNuke.Core@10.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-77qd-hb2k-8uam" }, { "vulnerability": "VCID-7u59-m3nn-q3gj" }, { "vulnerability": "VCID-cs7y-gg46-r3ca" }, { "vulnerability": "VCID-e5pw-7tpb-qyb8" }, { "vulnerability": "VCID-k8b8-4muv-gye5" }, { "vulnerability": "VCID-q3bw-2pvk-17dg" }, { "vulnerability": "VCID-q97q-u1zk-rqhd" }, { "vulnerability": "VCID-r799-28wr-23bu" }, { "vulnerability": "VCID-s3s5-gwjg-rqgv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@10.1.0" } ], "aliases": [ "CVE-2025-59545", "GHSA-2qxc-mf4x-wr29" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-msru-ycnu-zuhe" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57341?format=api", "vulnerability_id": "VCID-nn2y-9sk9-kugc", "summary": "DNN allows Stored Cross-Site Scripting (XSS) with svg files rendered inline\nUploaded SVG files could contain scripts and if rendered inline those scripts could run allowing XSS attacks.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-48378", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17667", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17673", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-48378" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform/commit/cfed83c291d5e5072b2fa70924a8b7c35b1cdf9e", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-23T16:00:53Z/" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform/commit/cfed83c291d5e5072b2fa70924a8b7c35b1cdf9e" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48378", "reference_id": "CVE-2025-48378", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48378" }, { "reference_url": "https://github.com/advisories/GHSA-m4hf-fxcg-cp34", "reference_id": "GHSA-m4hf-fxcg-cp34", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-m4hf-fxcg-cp34" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-m4hf-fxcg-cp34", "reference_id": "GHSA-m4hf-fxcg-cp34", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-23T16:00:53Z/" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-m4hf-fxcg-cp34" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/73694?format=api", "purl": "pkg:nuget/DotNetNuke.Core@9.13.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7u59-m3nn-q3gj" }, { "vulnerability": "VCID-cs7y-gg46-r3ca" }, { "vulnerability": "VCID-e5pw-7tpb-qyb8" }, { "vulnerability": "VCID-erck-k36n-2yd2" }, { "vulnerability": "VCID-k8b8-4muv-gye5" }, { "vulnerability": "VCID-m9cg-wd76-zqcy" }, { "vulnerability": "VCID-msru-ycnu-zuhe" }, { "vulnerability": "VCID-q3bw-2pvk-17dg" }, { "vulnerability": "VCID-q97q-u1zk-rqhd" }, { "vulnerability": "VCID-r799-28wr-23bu" }, { "vulnerability": "VCID-s3s5-gwjg-rqgv" }, { "vulnerability": "VCID-y61z-d6sj-qucc" }, { "vulnerability": "VCID-zfex-gefk-byfa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.13.9" } ], "aliases": [ "CVE-2025-48378", "GHSA-m4hf-fxcg-cp34" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nn2y-9sk9-kugc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/247801?format=api", "vulnerability_id": "VCID-pnw1-8knr-7qhc", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-40186", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00311", "scoring_system": "epss", "scoring_elements": "0.54618", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00311", "scoring_system": "epss", "scoring_elements": "0.54676", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00311", "scoring_system": "epss", "scoring_elements": "0.54687", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-40186" }, { "reference_url": "https://appcheck-ng.com/dnn-cms-server-side-request-forgery-cve-2021-40186", "reference_id": "", "reference_type": "", "scores": [], "url": "https://appcheck-ng.com/dnn-cms-server-side-request-forgery-cve-2021-40186" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-40186", "reference_id": "CVE-2021-40186", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-40186" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/198370?format=api", "purl": "pkg:nuget/DotNetNuke.Core@9.13.0-ci0000", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7u59-m3nn-q3gj" }, { "vulnerability": "VCID-cs7y-gg46-r3ca" }, { "vulnerability": "VCID-e5pw-7tpb-qyb8" }, { "vulnerability": "VCID-erck-k36n-2yd2" }, { "vulnerability": "VCID-hdn9-z9eh-abfx" }, { "vulnerability": "VCID-k8b8-4muv-gye5" }, { "vulnerability": "VCID-m9cg-wd76-zqcy" }, { "vulnerability": "VCID-msru-ycnu-zuhe" }, { "vulnerability": "VCID-nn2y-9sk9-kugc" }, { "vulnerability": "VCID-q3bw-2pvk-17dg" }, { "vulnerability": "VCID-q97q-u1zk-rqhd" }, { "vulnerability": "VCID-r799-28wr-23bu" }, { "vulnerability": "VCID-s3s5-gwjg-rqgv" }, { "vulnerability": "VCID-v7s2-8wh8-kydw" }, { "vulnerability": "VCID-y61z-d6sj-qucc" }, { "vulnerability": "VCID-zfex-gefk-byfa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.13.0-ci0000" } ], "aliases": [ "CVE-2021-40186" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pnw1-8knr-7qhc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/49880?format=api", "vulnerability_id": "VCID-q3bw-2pvk-17dg", "summary": "DotNetNuke.Core Vulnerable to Stored XSS in Module Deletion Confirmation Modal\nA module friendly name could include scripts that will run during some module operations in the Persona Bar.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-24837", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04161", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-24837" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24837", "reference_id": "CVE-2026-24837", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24837" }, { "reference_url": "https://github.com/advisories/GHSA-vm5q-8qww-h238", "reference_id": "GHSA-vm5q-8qww-h238", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-vm5q-8qww-h238" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-vm5q-8qww-h238", "reference_id": "GHSA-vm5q-8qww-h238", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H" }, { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-28T21:02:52Z/" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-vm5q-8qww-h238" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/73660?format=api", "purl": "pkg:nuget/DotNetNuke.Core@10.2.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-77qd-hb2k-8uam" }, { "vulnerability": "VCID-7u59-m3nn-q3gj" }, { "vulnerability": "VCID-k8b8-4muv-gye5" }, { "vulnerability": "VCID-s3s5-gwjg-rqgv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@10.2.0" } ], "aliases": [ "CVE-2026-24837", "GHSA-vm5q-8qww-h238" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q3bw-2pvk-17dg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/49878?format=api", "vulnerability_id": "VCID-q97q-u1zk-rqhd", "summary": "DotNetNuke.Core has a potential XSS vulnerability in modules' header and footer\nA content editor could inject scripts in module headers/footers that would run for other users.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-24784", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17192", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17196", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-24784" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24784", "reference_id": "CVE-2026-24784", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24784" }, { "reference_url": "https://github.com/advisories/GHSA-jjwg-4948-6wxp", "reference_id": "GHSA-jjwg-4948-6wxp", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jjwg-4948-6wxp" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-jjwg-4948-6wxp", "reference_id": "GHSA-jjwg-4948-6wxp", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-28T15:06:32Z/" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-jjwg-4948-6wxp" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/73659?format=api", "purl": "pkg:nuget/DotNetNuke.Core@9.13.10", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.13.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/73660?format=api", "purl": "pkg:nuget/DotNetNuke.Core@10.2.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-77qd-hb2k-8uam" }, { "vulnerability": "VCID-7u59-m3nn-q3gj" }, { "vulnerability": "VCID-k8b8-4muv-gye5" }, { "vulnerability": "VCID-s3s5-gwjg-rqgv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@10.2.0" } ], "aliases": [ "CVE-2026-24784", "GHSA-jjwg-4948-6wxp" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q97q-u1zk-rqhd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/52279?format=api", "vulnerability_id": "VCID-qscj-d21p-nfby", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nDNN (formerly DotNetNuke) allows XSS.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-5186", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00353", "scoring_system": "epss", "scoring_elements": "0.57934", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00353", "scoring_system": "epss", "scoring_elements": "0.57994", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00353", "scoring_system": "epss", "scoring_elements": "0.57986", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-5186" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform/releases", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/dnnsoftware/Dnn.Platform/releases" }, { "reference_url": "https://medium.com/@SajjadPourali/dnn-dotnetnuke-cms-not-as-secure-as-you-think-e8516f789175", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://medium.com/@SajjadPourali/dnn-dotnetnuke-cms-not-as-secure-as-you-think-e8516f789175" }, { "reference_url": "https://packetstormsecurity.com/files/156483/DotNetNuke-CMS-9.5.0-Cross-Site-Scripting.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://packetstormsecurity.com/files/156483/DotNetNuke-CMS-9.5.0-Cross-Site-Scripting.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-5186", "reference_id": "CVE-2020-5186", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-5186" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/76732?format=api", "purl": "pkg:nuget/DotNetNuke.Core@9.5.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3b3m-76g5-5kfm" }, { "vulnerability": "VCID-7u59-m3nn-q3gj" }, { "vulnerability": "VCID-cs7y-gg46-r3ca" }, { "vulnerability": "VCID-e5pw-7tpb-qyb8" }, { "vulnerability": "VCID-erck-k36n-2yd2" }, { "vulnerability": "VCID-hdn9-z9eh-abfx" }, { "vulnerability": "VCID-k8b8-4muv-gye5" }, { "vulnerability": "VCID-kcww-jwz6-97fa" }, { "vulnerability": "VCID-ky3u-4syg-3yat" }, { "vulnerability": "VCID-m9cg-wd76-zqcy" }, { "vulnerability": "VCID-msru-ycnu-zuhe" }, { "vulnerability": "VCID-nn2y-9sk9-kugc" }, { "vulnerability": "VCID-pnw1-8knr-7qhc" }, { "vulnerability": "VCID-q3bw-2pvk-17dg" }, { "vulnerability": "VCID-q97q-u1zk-rqhd" }, { "vulnerability": "VCID-r799-28wr-23bu" }, { "vulnerability": "VCID-s3s5-gwjg-rqgv" }, { "vulnerability": "VCID-uc59-7c8z-6kbd" }, { "vulnerability": "VCID-v7s2-8wh8-kydw" }, { "vulnerability": "VCID-y61z-d6sj-qucc" }, { "vulnerability": "VCID-zfex-gefk-byfa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.5.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/198370?format=api", "purl": "pkg:nuget/DotNetNuke.Core@9.13.0-ci0000", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7u59-m3nn-q3gj" }, { "vulnerability": "VCID-cs7y-gg46-r3ca" }, { "vulnerability": "VCID-e5pw-7tpb-qyb8" }, { "vulnerability": "VCID-erck-k36n-2yd2" }, { "vulnerability": "VCID-hdn9-z9eh-abfx" }, { "vulnerability": "VCID-k8b8-4muv-gye5" }, { "vulnerability": "VCID-m9cg-wd76-zqcy" }, { "vulnerability": "VCID-msru-ycnu-zuhe" }, { "vulnerability": "VCID-nn2y-9sk9-kugc" }, { "vulnerability": "VCID-q3bw-2pvk-17dg" }, { "vulnerability": "VCID-q97q-u1zk-rqhd" }, { "vulnerability": "VCID-r799-28wr-23bu" }, { "vulnerability": "VCID-s3s5-gwjg-rqgv" }, { "vulnerability": "VCID-v7s2-8wh8-kydw" }, { "vulnerability": "VCID-y61z-d6sj-qucc" }, { "vulnerability": "VCID-zfex-gefk-byfa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.13.0-ci0000" } ], "aliases": [ "CVE-2020-5186", "GHSA-9phr-h5mx-4fp6" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qscj-d21p-nfby" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/49871?format=api", "vulnerability_id": "VCID-r799-28wr-23bu", "summary": "DotNetNuke.Core Vulnerable to Stored XSS via Module Title\nModule title supports richtext which could include scripts that would execute in certain scenarios.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-24838", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17496", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.175", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-24838" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform/commit/4a4bcbcdf3cedbf702816f8168c4d51bf688f7f6", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform/commit/4a4bcbcdf3cedbf702816f8168c4d51bf688f7f6" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform/releases/tag/v10.2.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform/releases/tag/v10.2.0" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24838", "reference_id": "CVE-2026-24838", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24838" }, { "reference_url": "https://github.com/advisories/GHSA-w9pf-h6m6-v89h", "reference_id": "GHSA-w9pf-h6m6-v89h", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-w9pf-h6m6-v89h" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-w9pf-h6m6-v89h", "reference_id": "GHSA-w9pf-h6m6-v89h", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-28T15:03:11Z/" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-w9pf-h6m6-v89h" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/73659?format=api", "purl": "pkg:nuget/DotNetNuke.Core@9.13.10", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.13.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/73660?format=api", "purl": "pkg:nuget/DotNetNuke.Core@10.2.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-77qd-hb2k-8uam" }, { "vulnerability": "VCID-7u59-m3nn-q3gj" }, { "vulnerability": "VCID-k8b8-4muv-gye5" }, { "vulnerability": "VCID-s3s5-gwjg-rqgv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@10.2.0" } ], "aliases": [ "CVE-2026-24838", "GHSA-w9pf-h6m6-v89h" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r799-28wr-23bu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/90191?format=api", "vulnerability_id": "VCID-s3s5-gwjg-rqgv", "summary": "DotNetNuke.Core security code analysis rules triggered\nThe codebase raises code analysis warnings related to security, including CA3075, CA5366, CA5371, CA5368, CA5369, CA5372, CA5379, CA5350, and CA5351.\n\nMost of these deal with disabling DTD processing in XML documents, but also includes cryptographic algorithm choices.", "references": [ { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-fcpv-w245-r2q7", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-fcpv-w245-r2q7" }, { "reference_url": "https://github.com/advisories/GHSA-fcpv-w245-r2q7", "reference_id": "GHSA-fcpv-w245-r2q7", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-fcpv-w245-r2q7" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/110262?format=api", "purl": "pkg:nuget/DotNetNuke.Core@10.2.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@10.2.2" } ], "aliases": [ "GHSA-fcpv-w245-r2q7" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s3s5-gwjg-rqgv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/243329?format=api", "vulnerability_id": "VCID-uc59-7c8z-6kbd", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-31858", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00234", "scoring_system": "epss", "scoring_elements": "0.46422", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00234", "scoring_system": "epss", "scoring_elements": "0.46488", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00234", "scoring_system": "epss", "scoring_elements": "0.4649", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-31858" }, { "reference_url": "https://www.dnnsoftware.com/community/security/security-center", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.dnnsoftware.com/community/security/security-center" }, { "reference_url": "https://labs.integrity.pt/advisories/cve-2021-31858/", "reference_id": "CVE-2021-31858", "reference_type": "", "scores": [], "url": "https://labs.integrity.pt/advisories/cve-2021-31858/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-31858", "reference_id": "CVE-2021-31858", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-31858" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/198370?format=api", "purl": "pkg:nuget/DotNetNuke.Core@9.13.0-ci0000", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7u59-m3nn-q3gj" }, { "vulnerability": "VCID-cs7y-gg46-r3ca" }, { "vulnerability": "VCID-e5pw-7tpb-qyb8" }, { "vulnerability": "VCID-erck-k36n-2yd2" }, { "vulnerability": "VCID-hdn9-z9eh-abfx" }, { "vulnerability": "VCID-k8b8-4muv-gye5" }, { "vulnerability": "VCID-m9cg-wd76-zqcy" }, { "vulnerability": "VCID-msru-ycnu-zuhe" }, { "vulnerability": "VCID-nn2y-9sk9-kugc" }, { "vulnerability": "VCID-q3bw-2pvk-17dg" }, { "vulnerability": "VCID-q97q-u1zk-rqhd" }, { "vulnerability": "VCID-r799-28wr-23bu" }, { "vulnerability": "VCID-s3s5-gwjg-rqgv" }, { "vulnerability": "VCID-v7s2-8wh8-kydw" }, { "vulnerability": "VCID-y61z-d6sj-qucc" }, { "vulnerability": "VCID-zfex-gefk-byfa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.13.0-ci0000" } ], "aliases": [ "CVE-2021-31858" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uc59-7c8z-6kbd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/41147?format=api", "vulnerability_id": "VCID-uk5d-ubkt-6fhn", "summary": "Insufficient Entropy\nDNN (aka DotNetNuke) incorrectly converts encryption key source values, resulting in lower than expected entropy. NOTE: this issue exists because of an incomplete fix for CVE-2018-15812.", "references": [ { "reference_url": "http://packetstormsecurity.com/files/157080/DotNetNuke-Cookie-Deserialization-Remote-Code-Execution.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://packetstormsecurity.com/files/157080/DotNetNuke-Cookie-Deserialization-Remote-Code-Execution.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-18326", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.75829", "scoring_system": "epss", "scoring_elements": "0.9893", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.75829", "scoring_system": "epss", "scoring_elements": "0.98927", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.75829", "scoring_system": "epss", "scoring_elements": "0.98929", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-18326" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform/releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform/releases" }, { "reference_url": "https://www.dnnsoftware.com/community/security/security-center", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.dnnsoftware.com/community/security/security-center" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-18326", "reference_id": "CVE-2018-18326", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-18326" }, { "reference_url": "https://github.com/advisories/GHSA-xx3h-j3cx-8qfj", "reference_id": "GHSA-xx3h-j3cx-8qfj", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xx3h-j3cx-8qfj" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/58274?format=api", "purl": "pkg:nuget/DotNetNuke.Core@9.3.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3b3m-76g5-5kfm" }, { "vulnerability": "VCID-3e7c-8uk1-ruch" }, { "vulnerability": "VCID-7u59-m3nn-q3gj" }, { "vulnerability": "VCID-cs7y-gg46-r3ca" }, { "vulnerability": "VCID-e5pw-7tpb-qyb8" }, { "vulnerability": "VCID-erck-k36n-2yd2" }, { "vulnerability": "VCID-hdn9-z9eh-abfx" }, { "vulnerability": "VCID-k8b8-4muv-gye5" }, { "vulnerability": "VCID-ky3u-4syg-3yat" }, { "vulnerability": "VCID-m5hg-ajyc-3qf1" }, { "vulnerability": "VCID-m9cg-wd76-zqcy" }, { "vulnerability": "VCID-msru-ycnu-zuhe" }, { "vulnerability": "VCID-nn2y-9sk9-kugc" }, { "vulnerability": "VCID-pnw1-8knr-7qhc" }, { "vulnerability": "VCID-q3bw-2pvk-17dg" }, { "vulnerability": "VCID-q97q-u1zk-rqhd" }, { "vulnerability": "VCID-qscj-d21p-nfby" }, { "vulnerability": "VCID-r799-28wr-23bu" }, { "vulnerability": "VCID-s3s5-gwjg-rqgv" }, { "vulnerability": "VCID-uc59-7c8z-6kbd" }, { "vulnerability": "VCID-v7s2-8wh8-kydw" }, { "vulnerability": "VCID-y61z-d6sj-qucc" }, { "vulnerability": "VCID-y9ym-w5m9-e3bs" }, { "vulnerability": "VCID-zfex-gefk-byfa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.3.0" } ], "aliases": [ "CVE-2018-18326", "GHSA-xx3h-j3cx-8qfj" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uk5d-ubkt-6fhn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57339?format=api", "vulnerability_id": "VCID-v7s2-8wh8-kydw", "summary": "Reflected Cross-Site Scripting (XSS) in module actions in edit mode\nA specially crafted URL may be constructed which can inject an XSS payload that is triggered by using some module actions.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-48377", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00141", "scoring_system": "epss", "scoring_elements": "0.33988", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00141", "scoring_system": "epss", "scoring_elements": "0.34003", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-48377" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform/commit/351b166492ad4b6509c273dc83211d52238e31a7", "reference_id": "", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N" }, { "value": "6.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-23T15:51:04Z/" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform/commit/351b166492ad4b6509c273dc83211d52238e31a7" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48377", "reference_id": "CVE-2025-48377", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48377" }, { "reference_url": "https://github.com/advisories/GHSA-79m3-rvx2-3qq9", "reference_id": "GHSA-79m3-rvx2-3qq9", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-79m3-rvx2-3qq9" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-79m3-rvx2-3qq9", "reference_id": "GHSA-79m3-rvx2-3qq9", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N" }, { "value": "6.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-23T15:51:04Z/" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-79m3-rvx2-3qq9" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/73694?format=api", "purl": "pkg:nuget/DotNetNuke.Core@9.13.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7u59-m3nn-q3gj" }, { "vulnerability": "VCID-cs7y-gg46-r3ca" }, { "vulnerability": "VCID-e5pw-7tpb-qyb8" }, { "vulnerability": "VCID-erck-k36n-2yd2" }, { "vulnerability": "VCID-k8b8-4muv-gye5" }, { "vulnerability": "VCID-m9cg-wd76-zqcy" }, { "vulnerability": "VCID-msru-ycnu-zuhe" }, { "vulnerability": "VCID-q3bw-2pvk-17dg" }, { "vulnerability": "VCID-q97q-u1zk-rqhd" }, { "vulnerability": "VCID-r799-28wr-23bu" }, { "vulnerability": "VCID-s3s5-gwjg-rqgv" }, { "vulnerability": "VCID-y61z-d6sj-qucc" }, { "vulnerability": "VCID-zfex-gefk-byfa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.13.9" } ], "aliases": [ "CVE-2025-48377", "GHSA-79m3-rvx2-3qq9" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-v7s2-8wh8-kydw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/47841?format=api", "vulnerability_id": "VCID-y61z-d6sj-qucc", "summary": "DNN vulnerable to Reflected Cross-Site Scripting (XSS) using url to profile\nA reflected cross-site scripting (XSS) vulnerability exists under certain conditions, using a specially crafter url to view a user profile", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-59821", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.09416", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.09399", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-59821" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59821", "reference_id": "CVE-2025-59821", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59821" }, { "reference_url": "https://github.com/advisories/GHSA-jc4g-c8ww-5738", "reference_id": "GHSA-jc4g-c8ww-5738", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jc4g-c8ww-5738" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-jc4g-c8ww-5738", "reference_id": "GHSA-jc4g-c8ww-5738", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-23T18:29:53Z/" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-jc4g-c8ww-5738" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/70574?format=api", "purl": "pkg:nuget/DotNetNuke.Core@10.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-77qd-hb2k-8uam" }, { "vulnerability": "VCID-7u59-m3nn-q3gj" }, { "vulnerability": "VCID-cs7y-gg46-r3ca" }, { "vulnerability": "VCID-e5pw-7tpb-qyb8" }, { "vulnerability": "VCID-k8b8-4muv-gye5" }, { "vulnerability": "VCID-q3bw-2pvk-17dg" }, { "vulnerability": "VCID-q97q-u1zk-rqhd" }, { "vulnerability": "VCID-r799-28wr-23bu" }, { "vulnerability": "VCID-s3s5-gwjg-rqgv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@10.1.0" } ], "aliases": [ "CVE-2025-59821", "GHSA-jc4g-c8ww-5738" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-y61z-d6sj-qucc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/52289?format=api", "vulnerability_id": "VCID-y9ym-w5m9-e3bs", "summary": "Incorrect Resource Transfer Between Spheres\nDNN (formerly DotNetNuke) has Insecure Permissions.", "references": [ { "reference_url": "http://packetstormsecurity.com/files/156484/DotNetNuke-CMS-9.5.0-File-Extension-Check-Bypass.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://packetstormsecurity.com/files/156484/DotNetNuke-CMS-9.5.0-File-Extension-Check-Bypass.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-5188", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.48956", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.48947", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.48886", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-5188" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform/releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform/releases" }, { "reference_url": "https://medium.com/@SajjadPourali/dnn-dotnetnuke-cms-not-as-secure-as-you-think-e8516f789175", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://medium.com/@SajjadPourali/dnn-dotnetnuke-cms-not-as-secure-as-you-think-e8516f789175" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-5188", "reference_id": "CVE-2020-5188", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-5188" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/76732?format=api", "purl": "pkg:nuget/DotNetNuke.Core@9.5.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3b3m-76g5-5kfm" }, { "vulnerability": "VCID-7u59-m3nn-q3gj" }, { "vulnerability": "VCID-cs7y-gg46-r3ca" }, { "vulnerability": "VCID-e5pw-7tpb-qyb8" }, { "vulnerability": "VCID-erck-k36n-2yd2" }, { "vulnerability": "VCID-hdn9-z9eh-abfx" }, { "vulnerability": "VCID-k8b8-4muv-gye5" }, { "vulnerability": "VCID-kcww-jwz6-97fa" }, { "vulnerability": "VCID-ky3u-4syg-3yat" }, { "vulnerability": "VCID-m9cg-wd76-zqcy" }, { "vulnerability": "VCID-msru-ycnu-zuhe" }, { "vulnerability": "VCID-nn2y-9sk9-kugc" }, { "vulnerability": "VCID-pnw1-8knr-7qhc" }, { "vulnerability": "VCID-q3bw-2pvk-17dg" }, { "vulnerability": "VCID-q97q-u1zk-rqhd" }, { "vulnerability": "VCID-r799-28wr-23bu" }, { "vulnerability": "VCID-s3s5-gwjg-rqgv" }, { "vulnerability": "VCID-uc59-7c8z-6kbd" }, { "vulnerability": "VCID-v7s2-8wh8-kydw" }, { "vulnerability": "VCID-y61z-d6sj-qucc" }, { "vulnerability": "VCID-zfex-gefk-byfa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.5.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/198370?format=api", "purl": "pkg:nuget/DotNetNuke.Core@9.13.0-ci0000", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7u59-m3nn-q3gj" }, { "vulnerability": "VCID-cs7y-gg46-r3ca" }, { "vulnerability": "VCID-e5pw-7tpb-qyb8" }, { "vulnerability": "VCID-erck-k36n-2yd2" }, { "vulnerability": "VCID-hdn9-z9eh-abfx" }, { "vulnerability": "VCID-k8b8-4muv-gye5" }, { "vulnerability": "VCID-m9cg-wd76-zqcy" }, { "vulnerability": "VCID-msru-ycnu-zuhe" }, { "vulnerability": "VCID-nn2y-9sk9-kugc" }, { "vulnerability": "VCID-q3bw-2pvk-17dg" }, { "vulnerability": "VCID-q97q-u1zk-rqhd" }, { "vulnerability": "VCID-r799-28wr-23bu" }, { "vulnerability": "VCID-s3s5-gwjg-rqgv" }, { "vulnerability": "VCID-v7s2-8wh8-kydw" }, { "vulnerability": "VCID-y61z-d6sj-qucc" }, { "vulnerability": "VCID-zfex-gefk-byfa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.13.0-ci0000" } ], "aliases": [ "CVE-2020-5188", "GHSA-vjcm-j85r-7p68" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-y9ym-w5m9-e3bs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/47839?format=api", "vulnerability_id": "VCID-zfex-gefk-byfa", "summary": "DNN Vulnerable to Stored XSS Using Backend Admin Credentials\nUsers that can edit modules could set a title that includes scripts.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-59546", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.07574", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.07566", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-59546" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59546", "reference_id": "CVE-2025-59546", "reference_type": "", "scores": [ { "value": "2.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59546" }, { "reference_url": "https://github.com/advisories/GHSA-gj8m-5492-q98h", "reference_id": "GHSA-gj8m-5492-q98h", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-gj8m-5492-q98h" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-gj8m-5492-q98h", "reference_id": "GHSA-gj8m-5492-q98h", "reference_type": "", "scores": [ { "value": "2.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-23T18:30:03Z/" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-gj8m-5492-q98h" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/70574?format=api", "purl": "pkg:nuget/DotNetNuke.Core@10.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-77qd-hb2k-8uam" }, { "vulnerability": "VCID-7u59-m3nn-q3gj" }, { "vulnerability": "VCID-cs7y-gg46-r3ca" }, { "vulnerability": "VCID-e5pw-7tpb-qyb8" }, { "vulnerability": "VCID-k8b8-4muv-gye5" }, { "vulnerability": "VCID-q3bw-2pvk-17dg" }, { "vulnerability": "VCID-q97q-u1zk-rqhd" }, { "vulnerability": "VCID-r799-28wr-23bu" }, { "vulnerability": "VCID-s3s5-gwjg-rqgv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@10.1.0" } ], "aliases": [ "CVE-2025-59546", "GHSA-gj8m-5492-q98h" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zfex-gefk-byfa" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40040?format=api", "vulnerability_id": "VCID-xn9v-vadd-zyd1", "summary": "DNN (aka DotNetNuke) suffers from a Server-Side Request Forgery (SSRF) vulnerability in the DnnImageHandler class. Attackers may be able to access information about internal network resources.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-0929", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.92183", "scoring_system": "epss", "scoring_elements": "0.99727", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.92183", "scoring_system": "epss", "scoring_elements": "0.99728", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-0929" }, { "reference_url": "https://github.com/advisories/GHSA-g8j6-m4p7-5rfq", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-g8j6-m4p7-5rfq" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform/commit/d3953db85fee77bb5e6383747692c507ef8b94c3", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform/commit/d3953db85fee77bb5e6383747692c507ef8b94c3" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-0929", "reference_id": "CVE-2017-0929", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-0929" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/57623?format=api", "purl": "pkg:nuget/DotNetNuke.Core@9.2.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-dnf9-9hrt-1qfx" }, { "vulnerability": "VCID-jw1r-pvtw-d3bz" }, { "vulnerability": "VCID-uk5d-ubkt-6fhn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.2.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/56012?format=api", "purl": "pkg:nuget/DotNetNuke.Core@9.2.0.366", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2dnh-g597-juce" }, { "vulnerability": "VCID-3b3m-76g5-5kfm" }, { "vulnerability": "VCID-3e7c-8uk1-ruch" }, { "vulnerability": "VCID-7u59-m3nn-q3gj" }, { "vulnerability": "VCID-cs7y-gg46-r3ca" }, { "vulnerability": "VCID-dnf9-9hrt-1qfx" }, { "vulnerability": "VCID-e5pw-7tpb-qyb8" }, { "vulnerability": "VCID-erck-k36n-2yd2" }, { "vulnerability": "VCID-hdn9-z9eh-abfx" }, { "vulnerability": "VCID-jw1r-pvtw-d3bz" }, { "vulnerability": "VCID-k8b8-4muv-gye5" }, { "vulnerability": "VCID-ky3u-4syg-3yat" }, { "vulnerability": "VCID-m5hg-ajyc-3qf1" }, { "vulnerability": "VCID-m9cg-wd76-zqcy" }, { "vulnerability": "VCID-msru-ycnu-zuhe" }, { "vulnerability": "VCID-nn2y-9sk9-kugc" }, { "vulnerability": "VCID-pnw1-8knr-7qhc" }, { "vulnerability": "VCID-q3bw-2pvk-17dg" }, { "vulnerability": "VCID-q97q-u1zk-rqhd" }, { "vulnerability": "VCID-qscj-d21p-nfby" }, { "vulnerability": "VCID-r799-28wr-23bu" }, { "vulnerability": "VCID-s3s5-gwjg-rqgv" }, { "vulnerability": "VCID-uc59-7c8z-6kbd" }, { "vulnerability": "VCID-uk5d-ubkt-6fhn" }, { "vulnerability": "VCID-v7s2-8wh8-kydw" }, { "vulnerability": "VCID-y61z-d6sj-qucc" }, { "vulnerability": "VCID-y9ym-w5m9-e3bs" }, { "vulnerability": "VCID-zfex-gefk-byfa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.2.0.366" } ], "aliases": [ "CVE-2017-0929", "GHSA-g8j6-m4p7-5rfq" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xn9v-vadd-zyd1" } ], "risk_score": "10.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.2.0.366" }