Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/589056?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/589056?format=api", "purl": "pkg:nuget/DotNetNuke.Core@9.9.0", "type": "nuget", "namespace": "", "name": "DotNetNuke.Core", "version": "9.9.0", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "10.2.2", "latest_non_vulnerable_version": "10.2.2", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/108945?format=api", "vulnerability_id": "VCID-3b3m-76g5-5kfm", "summary": "DNN vulnerable to Relative Path Traversal\nDNN (GitHub repository dnnsoftware/dnn.platform) prior to 9.11.0 is vulnerable to Relative Path Traversal. Version 9.11.0 contains a patch for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-2922", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00453", "scoring_system": "epss", "scoring_elements": "0.64124", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00453", "scoring_system": "epss", "scoring_elements": "0.64126", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00453", "scoring_system": "epss", "scoring_elements": "0.64083", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00453", "scoring_system": "epss", "scoring_elements": "0.64135", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-2922" }, { "reference_url": "https://github.com/dnnsoftware/dnn.platform", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dnnsoftware/dnn.platform" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform/commit/3697c5344cef8d49214230f0cc2efcd9e93a00a8", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform/commit/3697c5344cef8d49214230f0cc2efcd9e93a00a8" }, { "reference_url": "https://github.com/dnnsoftware/dnn.platform/commit/9b17351592fbde376506ba6705dbcc7a74a2a195", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-20T16:03:27Z/" } ], "url": "https://github.com/dnnsoftware/dnn.platform/commit/9b17351592fbde376506ba6705dbcc7a74a2a195" }, { "reference_url": "https://huntr.dev/bounties/74918f40-dc11-4218-abef-064eb71a0703", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-20T16:03:27Z/" } ], "url": "https://huntr.dev/bounties/74918f40-dc11-4218-abef-064eb71a0703" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2922", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2922" }, { "reference_url": "https://github.com/advisories/GHSA-9w72-2f23-57gm", "reference_id": "GHSA-9w72-2f23-57gm", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9w72-2f23-57gm" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/145123?format=api", "purl": "pkg:nuget/DotNetNuke.Core@9.11.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7u59-m3nn-q3gj" }, { "vulnerability": "VCID-cs7y-gg46-r3ca" }, { "vulnerability": "VCID-e5pw-7tpb-qyb8" }, { "vulnerability": "VCID-erck-k36n-2yd2" }, { "vulnerability": "VCID-hdn9-z9eh-abfx" }, { "vulnerability": "VCID-k8b8-4muv-gye5" }, { "vulnerability": "VCID-m9cg-wd76-zqcy" }, { "vulnerability": "VCID-msru-ycnu-zuhe" }, { "vulnerability": "VCID-nn2y-9sk9-kugc" }, { "vulnerability": "VCID-q3bw-2pvk-17dg" }, { "vulnerability": "VCID-q97q-u1zk-rqhd" }, { "vulnerability": "VCID-r799-28wr-23bu" }, { "vulnerability": "VCID-s3s5-gwjg-rqgv" }, { "vulnerability": "VCID-v7s2-8wh8-kydw" }, { "vulnerability": "VCID-y61z-d6sj-qucc" }, { "vulnerability": "VCID-zfex-gefk-byfa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.11.0" } ], "aliases": [ "CVE-2022-2922", "GHSA-9w72-2f23-57gm" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3b3m-76g5-5kfm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89773?format=api", "vulnerability_id": "VCID-7u59-m3nn-q3gj", "summary": "DotNetNuke.Core has stored cross-site-scripting (XSS) via SVG upload\nDNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.2.2, a user could upload a specially crafted SVG file that could include scripts that can target both authenticated and unauthenticated DNN users. The impact is increased if the scripts are run by a power user. Version 10.2.2 patches the issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-40321", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.0611", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.06106", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.06122", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-40321" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform/releases/tag/v10.2.2", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H" }, { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-20T16:00:34Z/" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform/releases/tag/v10.2.2" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-ffq7-898w-9jc4", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H" }, { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-20T16:00:34Z/" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-ffq7-898w-9jc4" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40321", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40321" }, { "reference_url": "https://github.com/advisories/GHSA-ffq7-898w-9jc4", "reference_id": "GHSA-ffq7-898w-9jc4", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-ffq7-898w-9jc4" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/110262?format=api", "purl": "pkg:nuget/DotNetNuke.Core@10.2.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@10.2.2" } ], "aliases": [ "CVE-2026-40321", "GHSA-ffq7-898w-9jc4" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7u59-m3nn-q3gj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/49885?format=api", "vulnerability_id": "VCID-cs7y-gg46-r3ca", "summary": "DotNetNuke.Core Vulnerable to Stored XSS in Scheduler LogNotes\nExtensions could write richtext in log notes which can include scripts that would run in the PersonaBar when displayed.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-24836", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04147", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04161", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-24836" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24836", "reference_id": "CVE-2026-24836", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24836" }, { "reference_url": "https://github.com/advisories/GHSA-2g5g-hcgh-q3rp", "reference_id": "GHSA-2g5g-hcgh-q3rp", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-2g5g-hcgh-q3rp" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-2g5g-hcgh-q3rp", "reference_id": "GHSA-2g5g-hcgh-q3rp", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H" }, { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-28T21:04:00Z/" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-2g5g-hcgh-q3rp" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/73660?format=api", "purl": "pkg:nuget/DotNetNuke.Core@10.2.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-77qd-hb2k-8uam" }, { "vulnerability": "VCID-7u59-m3nn-q3gj" }, { "vulnerability": "VCID-k8b8-4muv-gye5" }, { "vulnerability": "VCID-s3s5-gwjg-rqgv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@10.2.0" } ], "aliases": [ "CVE-2026-24836", "GHSA-2g5g-hcgh-q3rp" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cs7y-gg46-r3ca" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/48225?format=api", "vulnerability_id": "VCID-e5pw-7tpb-qyb8", "summary": "DNN vulnerable to stored cross-site-scripting (XSS) via SVG upload\nSanitization of the content of uploaded SVG files was not covering all possible XSS scenarios.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-64094", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.07527", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.07548", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.0754", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-64094" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64094", "reference_id": "CVE-2025-64094", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64094" }, { "reference_url": "https://github.com/advisories/GHSA-hmvq-8p83-cq52", "reference_id": "GHSA-hmvq-8p83-cq52", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-hmvq-8p83-cq52" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-hmvq-8p83-cq52", "reference_id": "GHSA-hmvq-8p83-cq52", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-29T14:51:54Z/" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-hmvq-8p83-cq52" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/71228?format=api", "purl": "pkg:nuget/DotNetNuke.Core@10.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-77qd-hb2k-8uam" }, { "vulnerability": "VCID-7u59-m3nn-q3gj" }, { "vulnerability": "VCID-cs7y-gg46-r3ca" }, { "vulnerability": "VCID-k8b8-4muv-gye5" }, { "vulnerability": "VCID-q3bw-2pvk-17dg" }, { "vulnerability": "VCID-q97q-u1zk-rqhd" }, { "vulnerability": "VCID-r799-28wr-23bu" }, { "vulnerability": "VCID-s3s5-gwjg-rqgv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@10.1.1" } ], "aliases": [ "CVE-2025-64094", "GHSA-hmvq-8p83-cq52" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e5pw-7tpb-qyb8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/47830?format=api", "vulnerability_id": "VCID-erck-k36n-2yd2", "summary": "DNN allows loading unused themes on anonymous clients through query parameters\nArbitrary themes can be loaded through query parameters. If an installed theme had a vulnerability, even if it was not used on any page, this could be loaded on unsuspecting clients without knowledge of the site owner.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-59535", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00107", "scoring_system": "epss", "scoring_elements": "0.28453", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00107", "scoring_system": "epss", "scoring_elements": "0.28414", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00107", "scoring_system": "epss", "scoring_elements": "0.28494", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-59535" }, { "reference_url": "https://dnncommunity.org/?SkinSrc=%5BG%5Dskins%2Fxcillion%2Fhome&ContainerSrc=%5BG%5DContainers%2FXcillion%2FNoTitle", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://dnncommunity.org/?SkinSrc=%5BG%5Dskins%2Fxcillion%2Fhome&ContainerSrc=%5BG%5DContainers%2FXcillion%2FNoTitle" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform/blob/develop/DNN%20Platform/Library/UI/Skins/Skin.cs#L305", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-23T20:08:12Z/" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform/blob/develop/DNN%20Platform/Library/UI/Skins/Skin.cs#L305" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform/commit/72f30f69fd2214d77f6c2577dfcca495a24caf5c", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-23T20:08:12Z/" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform/commit/72f30f69fd2214d77f6c2577dfcca495a24caf5c" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59535", "reference_id": "CVE-2025-59535", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59535" }, { "reference_url": "https://github.com/advisories/GHSA-wq2j-w9pm-7x2p", "reference_id": "GHSA-wq2j-w9pm-7x2p", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-wq2j-w9pm-7x2p" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-wq2j-w9pm-7x2p", "reference_id": "GHSA-wq2j-w9pm-7x2p", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-23T20:08:12Z/" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-wq2j-w9pm-7x2p" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/70574?format=api", "purl": "pkg:nuget/DotNetNuke.Core@10.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-77qd-hb2k-8uam" }, { "vulnerability": "VCID-7u59-m3nn-q3gj" }, { "vulnerability": "VCID-cs7y-gg46-r3ca" }, { "vulnerability": "VCID-e5pw-7tpb-qyb8" }, { "vulnerability": "VCID-k8b8-4muv-gye5" }, { "vulnerability": "VCID-q3bw-2pvk-17dg" }, { "vulnerability": "VCID-q97q-u1zk-rqhd" }, { "vulnerability": "VCID-r799-28wr-23bu" }, { "vulnerability": "VCID-s3s5-gwjg-rqgv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@10.1.0" } ], "aliases": [ "CVE-2025-59535", "GHSA-wq2j-w9pm-7x2p" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-erck-k36n-2yd2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57111?format=api", "vulnerability_id": "VCID-hdn9-z9eh-abfx", "summary": "DotNetNuke.Core Vulnerable to Server-Side Request Forgery (SSRF)\nA bypass has been identified for the previously known vulnerability CVE-2017-0929, allowing unauthenticated attackers to execute arbitrary GET requests against target systems, including internal or adjacent networks.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-32372", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00102", "scoring_system": "epss", "scoring_elements": "0.27626", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00102", "scoring_system": "epss", "scoring_elements": "0.27663", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00102", "scoring_system": "epss", "scoring_elements": "0.27715", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-32372" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform/commit/4721dd9eef846936d3b1a3676499e46968d15feb", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-09T15:39:52Z/" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform/commit/4721dd9eef846936d3b1a3676499e46968d15feb" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32372", "reference_id": "CVE-2025-32372", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32372" }, { "reference_url": "https://github.com/advisories/GHSA-3f7v-qx94-666m", "reference_id": "GHSA-3f7v-qx94-666m", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-3f7v-qx94-666m" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-3f7v-qx94-666m", "reference_id": "GHSA-3f7v-qx94-666m", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-09T15:39:52Z/" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-3f7v-qx94-666m" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/84801?format=api", "purl": "pkg:nuget/DotNetNuke.Core@9.13.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7u59-m3nn-q3gj" }, { "vulnerability": "VCID-cs7y-gg46-r3ca" }, { "vulnerability": "VCID-e5pw-7tpb-qyb8" }, { "vulnerability": "VCID-erck-k36n-2yd2" }, { "vulnerability": "VCID-k8b8-4muv-gye5" }, { "vulnerability": "VCID-m9cg-wd76-zqcy" }, { "vulnerability": "VCID-msru-ycnu-zuhe" }, { "vulnerability": "VCID-nn2y-9sk9-kugc" }, { "vulnerability": "VCID-q3bw-2pvk-17dg" }, { "vulnerability": "VCID-q97q-u1zk-rqhd" }, { "vulnerability": "VCID-r799-28wr-23bu" }, { "vulnerability": "VCID-s3s5-gwjg-rqgv" }, { "vulnerability": "VCID-v7s2-8wh8-kydw" }, { "vulnerability": "VCID-y61z-d6sj-qucc" }, { "vulnerability": "VCID-zfex-gefk-byfa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.13.8" } ], "aliases": [ "CVE-2025-32372", "GHSA-3f7v-qx94-666m" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hdn9-z9eh-abfx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/90281?format=api", "vulnerability_id": "VCID-k8b8-4muv-gye5", "summary": "DNN: Force Friend Request Acceptance\nDNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Starting in version 6.0.0 and prior to version 10.2.2, in the friends feature, a user could craft a request that would force the acceptance of a friend request on another user. Version 10.2.2 patches the issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-40305", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.10497", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.10536", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.10515", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-40305" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform/releases/tag/v10.2.2", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-20T13:22:45Z/" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform/releases/tag/v10.2.2" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-fpj4-9qhx-5m6m", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-20T13:22:45Z/" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-fpj4-9qhx-5m6m" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40305", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40305" }, { "reference_url": "https://github.com/advisories/GHSA-fpj4-9qhx-5m6m", "reference_id": "GHSA-fpj4-9qhx-5m6m", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-fpj4-9qhx-5m6m" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/110262?format=api", "purl": "pkg:nuget/DotNetNuke.Core@10.2.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@10.2.2" } ], "aliases": [ "CVE-2026-40305", "GHSA-fpj4-9qhx-5m6m" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k8b8-4muv-gye5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44931?format=api", "vulnerability_id": "VCID-ky3u-4syg-3yat", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nAn arbitrary file upload vulnerability in the Digital Assets Manager module of DNN Corp DotNetNuke v7.0.0 to v9.10.2 allows attackers to execute arbitrary code via a crafted SVG file.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-47053", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00738", "scoring_system": "epss", "scoring_elements": "0.73224", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00738", "scoring_system": "epss", "scoring_elements": "0.73261", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00738", "scoring_system": "epss", "scoring_elements": "0.73267", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00738", "scoring_system": "epss", "scoring_elements": "0.73249", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-47053" }, { "reference_url": "https://www.dnnsoftware.com/community/security/security-center", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T16:43:29Z/" } ], "url": "https://www.dnnsoftware.com/community/security/security-center" }, { "reference_url": "https://www.dnnsoftware.com/community/security/security-center#:~:text=XSS%20in%20Digital%20Asset%20Manager", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T16:43:29Z/" } ], "url": "https://www.dnnsoftware.com/community/security/security-center#:~:text=XSS%20in%20Digital%20Asset%20Manager" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-47053", "reference_id": "CVE-2022-47053", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-47053" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/145123?format=api", "purl": "pkg:nuget/DotNetNuke.Core@9.11.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7u59-m3nn-q3gj" }, { "vulnerability": "VCID-cs7y-gg46-r3ca" }, { "vulnerability": "VCID-e5pw-7tpb-qyb8" }, { "vulnerability": "VCID-erck-k36n-2yd2" }, { "vulnerability": "VCID-hdn9-z9eh-abfx" }, { "vulnerability": "VCID-k8b8-4muv-gye5" }, { "vulnerability": "VCID-m9cg-wd76-zqcy" }, { "vulnerability": "VCID-msru-ycnu-zuhe" }, { "vulnerability": "VCID-nn2y-9sk9-kugc" }, { "vulnerability": "VCID-q3bw-2pvk-17dg" }, { "vulnerability": "VCID-q97q-u1zk-rqhd" }, { "vulnerability": "VCID-r799-28wr-23bu" }, { "vulnerability": "VCID-s3s5-gwjg-rqgv" }, { "vulnerability": "VCID-v7s2-8wh8-kydw" }, { "vulnerability": "VCID-y61z-d6sj-qucc" }, { "vulnerability": "VCID-zfex-gefk-byfa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.11.0" } ], "aliases": [ "CVE-2022-47053" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ky3u-4syg-3yat" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/47823?format=api", "vulnerability_id": "VCID-m9cg-wd76-zqcy", "summary": "Duplicate\nThis advisory duplicates another.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-59539", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.08238", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.08259", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.08247", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-59539" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59539", "reference_id": "CVE-2025-59539", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59539" }, { "reference_url": "https://github.com/advisories/GHSA-7rcc-q6rq-jpcm", "reference_id": "GHSA-7rcc-q6rq-jpcm", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7rcc-q6rq-jpcm" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-7rcc-q6rq-jpcm", "reference_id": "GHSA-7rcc-q6rq-jpcm", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-23T18:30:23Z/" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-7rcc-q6rq-jpcm" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/70574?format=api", "purl": "pkg:nuget/DotNetNuke.Core@10.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-77qd-hb2k-8uam" }, { "vulnerability": "VCID-7u59-m3nn-q3gj" }, { "vulnerability": "VCID-cs7y-gg46-r3ca" }, { "vulnerability": "VCID-e5pw-7tpb-qyb8" }, { "vulnerability": "VCID-k8b8-4muv-gye5" }, { "vulnerability": "VCID-q3bw-2pvk-17dg" }, { "vulnerability": "VCID-q97q-u1zk-rqhd" }, { "vulnerability": "VCID-r799-28wr-23bu" }, { "vulnerability": "VCID-s3s5-gwjg-rqgv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@10.1.0" } ], "aliases": [ "CVE-2025-59539", "GHSA-7rcc-q6rq-jpcm" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m9cg-wd76-zqcy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/47837?format=api", "vulnerability_id": "VCID-msru-ycnu-zuhe", "summary": "DNN Vulnerable to Stored Cross-Site Scripting (XSS) in the Prompt module\nThe Prompt module allows execution of commands that can return raw HTML. Malicious input, even if sanitized for display elsewhere, can be executed when processed through certain commands, leading to potential script execution (XSS).", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-59545", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21814", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.2186", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21872", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-59545" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59545", "reference_id": "CVE-2025-59545", "reference_type": "", "scores": [ { "value": "9.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59545" }, { "reference_url": "https://github.com/advisories/GHSA-2qxc-mf4x-wr29", "reference_id": "GHSA-2qxc-mf4x-wr29", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-2qxc-mf4x-wr29" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-2qxc-mf4x-wr29", "reference_id": "GHSA-2qxc-mf4x-wr29", "reference_type": "", "scores": [ { "value": "9.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H" }, { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-23T18:30:12Z/" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-2qxc-mf4x-wr29" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/70574?format=api", "purl": "pkg:nuget/DotNetNuke.Core@10.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-77qd-hb2k-8uam" }, { "vulnerability": "VCID-7u59-m3nn-q3gj" }, { "vulnerability": "VCID-cs7y-gg46-r3ca" }, { "vulnerability": "VCID-e5pw-7tpb-qyb8" }, { "vulnerability": "VCID-k8b8-4muv-gye5" }, { "vulnerability": "VCID-q3bw-2pvk-17dg" }, { "vulnerability": "VCID-q97q-u1zk-rqhd" }, { "vulnerability": "VCID-r799-28wr-23bu" }, { "vulnerability": "VCID-s3s5-gwjg-rqgv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@10.1.0" } ], "aliases": [ "CVE-2025-59545", "GHSA-2qxc-mf4x-wr29" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-msru-ycnu-zuhe" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57341?format=api", "vulnerability_id": "VCID-nn2y-9sk9-kugc", "summary": "DNN allows Stored Cross-Site Scripting (XSS) with svg files rendered inline\nUploaded SVG files could contain scripts and if rendered inline those scripts could run allowing XSS attacks.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-48378", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17634", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17667", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17673", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-48378" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform/commit/cfed83c291d5e5072b2fa70924a8b7c35b1cdf9e", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-23T16:00:53Z/" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform/commit/cfed83c291d5e5072b2fa70924a8b7c35b1cdf9e" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48378", "reference_id": "CVE-2025-48378", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48378" }, { "reference_url": "https://github.com/advisories/GHSA-m4hf-fxcg-cp34", "reference_id": "GHSA-m4hf-fxcg-cp34", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-m4hf-fxcg-cp34" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-m4hf-fxcg-cp34", "reference_id": "GHSA-m4hf-fxcg-cp34", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-23T16:00:53Z/" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-m4hf-fxcg-cp34" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/73694?format=api", "purl": "pkg:nuget/DotNetNuke.Core@9.13.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7u59-m3nn-q3gj" }, { "vulnerability": "VCID-cs7y-gg46-r3ca" }, { "vulnerability": "VCID-e5pw-7tpb-qyb8" }, { "vulnerability": "VCID-erck-k36n-2yd2" }, { "vulnerability": "VCID-k8b8-4muv-gye5" }, { "vulnerability": "VCID-m9cg-wd76-zqcy" }, { "vulnerability": "VCID-msru-ycnu-zuhe" }, { "vulnerability": "VCID-q3bw-2pvk-17dg" }, { "vulnerability": "VCID-q97q-u1zk-rqhd" }, { "vulnerability": "VCID-r799-28wr-23bu" }, { "vulnerability": "VCID-s3s5-gwjg-rqgv" }, { "vulnerability": "VCID-y61z-d6sj-qucc" }, { "vulnerability": "VCID-zfex-gefk-byfa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.13.9" } ], "aliases": [ "CVE-2025-48378", "GHSA-m4hf-fxcg-cp34" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nn2y-9sk9-kugc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/247801?format=api", "vulnerability_id": "VCID-pnw1-8knr-7qhc", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-40186", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00311", "scoring_system": "epss", "scoring_elements": "0.54618", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00311", "scoring_system": "epss", "scoring_elements": "0.54676", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00311", "scoring_system": "epss", "scoring_elements": "0.54687", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00311", "scoring_system": "epss", "scoring_elements": "0.54679", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-40186" }, { "reference_url": "https://appcheck-ng.com/dnn-cms-server-side-request-forgery-cve-2021-40186", "reference_id": "", "reference_type": "", "scores": [], "url": "https://appcheck-ng.com/dnn-cms-server-side-request-forgery-cve-2021-40186" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-40186", "reference_id": "CVE-2021-40186", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-40186" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/198370?format=api", "purl": "pkg:nuget/DotNetNuke.Core@9.13.0-ci0000", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7u59-m3nn-q3gj" }, { "vulnerability": "VCID-cs7y-gg46-r3ca" }, { "vulnerability": "VCID-e5pw-7tpb-qyb8" }, { "vulnerability": "VCID-erck-k36n-2yd2" }, { "vulnerability": "VCID-hdn9-z9eh-abfx" }, { "vulnerability": "VCID-k8b8-4muv-gye5" }, { "vulnerability": "VCID-m9cg-wd76-zqcy" }, { "vulnerability": "VCID-msru-ycnu-zuhe" }, { "vulnerability": "VCID-nn2y-9sk9-kugc" }, { "vulnerability": "VCID-q3bw-2pvk-17dg" }, { "vulnerability": "VCID-q97q-u1zk-rqhd" }, { "vulnerability": "VCID-r799-28wr-23bu" }, { "vulnerability": "VCID-s3s5-gwjg-rqgv" }, { "vulnerability": "VCID-v7s2-8wh8-kydw" }, { "vulnerability": "VCID-y61z-d6sj-qucc" }, { "vulnerability": "VCID-zfex-gefk-byfa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.13.0-ci0000" } ], "aliases": [ "CVE-2021-40186" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pnw1-8knr-7qhc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/49880?format=api", "vulnerability_id": "VCID-q3bw-2pvk-17dg", "summary": "DotNetNuke.Core Vulnerable to Stored XSS in Module Deletion Confirmation Modal\nA module friendly name could include scripts that will run during some module operations in the Persona Bar.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-24837", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04147", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04161", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-24837" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24837", "reference_id": "CVE-2026-24837", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24837" }, { "reference_url": "https://github.com/advisories/GHSA-vm5q-8qww-h238", "reference_id": "GHSA-vm5q-8qww-h238", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-vm5q-8qww-h238" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-vm5q-8qww-h238", "reference_id": "GHSA-vm5q-8qww-h238", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H" }, { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-28T21:02:52Z/" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-vm5q-8qww-h238" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/73660?format=api", "purl": "pkg:nuget/DotNetNuke.Core@10.2.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-77qd-hb2k-8uam" }, { "vulnerability": "VCID-7u59-m3nn-q3gj" }, { "vulnerability": "VCID-k8b8-4muv-gye5" }, { "vulnerability": "VCID-s3s5-gwjg-rqgv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@10.2.0" } ], "aliases": [ "CVE-2026-24837", "GHSA-vm5q-8qww-h238" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q3bw-2pvk-17dg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/49878?format=api", "vulnerability_id": "VCID-q97q-u1zk-rqhd", "summary": "DotNetNuke.Core has a potential XSS vulnerability in modules' header and footer\nA content editor could inject scripts in module headers/footers that would run for other users.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-24784", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17157", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17192", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17196", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-24784" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24784", "reference_id": "CVE-2026-24784", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24784" }, { "reference_url": "https://github.com/advisories/GHSA-jjwg-4948-6wxp", "reference_id": "GHSA-jjwg-4948-6wxp", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jjwg-4948-6wxp" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-jjwg-4948-6wxp", "reference_id": "GHSA-jjwg-4948-6wxp", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-28T15:06:32Z/" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-jjwg-4948-6wxp" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/73659?format=api", "purl": "pkg:nuget/DotNetNuke.Core@9.13.10", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.13.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/73660?format=api", "purl": "pkg:nuget/DotNetNuke.Core@10.2.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-77qd-hb2k-8uam" }, { "vulnerability": "VCID-7u59-m3nn-q3gj" }, { "vulnerability": "VCID-k8b8-4muv-gye5" }, { "vulnerability": "VCID-s3s5-gwjg-rqgv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@10.2.0" } ], "aliases": [ "CVE-2026-24784", "GHSA-jjwg-4948-6wxp" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q97q-u1zk-rqhd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/49871?format=api", "vulnerability_id": "VCID-r799-28wr-23bu", "summary": "DotNetNuke.Core Vulnerable to Stored XSS via Module Title\nModule title supports richtext which could include scripts that would execute in certain scenarios.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-24838", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17459", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17496", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.175", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-24838" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform/commit/4a4bcbcdf3cedbf702816f8168c4d51bf688f7f6", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform/commit/4a4bcbcdf3cedbf702816f8168c4d51bf688f7f6" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform/releases/tag/v10.2.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform/releases/tag/v10.2.0" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24838", "reference_id": "CVE-2026-24838", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24838" }, { "reference_url": "https://github.com/advisories/GHSA-w9pf-h6m6-v89h", "reference_id": "GHSA-w9pf-h6m6-v89h", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-w9pf-h6m6-v89h" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-w9pf-h6m6-v89h", "reference_id": "GHSA-w9pf-h6m6-v89h", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-28T15:03:11Z/" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-w9pf-h6m6-v89h" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/73659?format=api", "purl": "pkg:nuget/DotNetNuke.Core@9.13.10", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.13.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/73660?format=api", "purl": "pkg:nuget/DotNetNuke.Core@10.2.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-77qd-hb2k-8uam" }, { "vulnerability": "VCID-7u59-m3nn-q3gj" }, { "vulnerability": "VCID-k8b8-4muv-gye5" }, { "vulnerability": "VCID-s3s5-gwjg-rqgv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@10.2.0" } ], "aliases": [ "CVE-2026-24838", "GHSA-w9pf-h6m6-v89h" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r799-28wr-23bu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/90191?format=api", "vulnerability_id": "VCID-s3s5-gwjg-rqgv", "summary": "DotNetNuke.Core security code analysis rules triggered\nThe codebase raises code analysis warnings related to security, including CA3075, CA5366, CA5371, CA5368, CA5369, CA5372, CA5379, CA5350, and CA5351.\n\nMost of these deal with disabling DTD processing in XML documents, but also includes cryptographic algorithm choices.", "references": [ { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-fcpv-w245-r2q7", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-fcpv-w245-r2q7" }, { "reference_url": "https://github.com/advisories/GHSA-fcpv-w245-r2q7", "reference_id": "GHSA-fcpv-w245-r2q7", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-fcpv-w245-r2q7" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/110262?format=api", "purl": "pkg:nuget/DotNetNuke.Core@10.2.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@10.2.2" } ], "aliases": [ "GHSA-fcpv-w245-r2q7" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s3s5-gwjg-rqgv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/243329?format=api", "vulnerability_id": "VCID-uc59-7c8z-6kbd", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-31858", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00234", "scoring_system": "epss", "scoring_elements": "0.46422", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00234", "scoring_system": "epss", "scoring_elements": "0.46488", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00234", "scoring_system": "epss", "scoring_elements": "0.4649", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00234", "scoring_system": "epss", "scoring_elements": "0.4647", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-31858" }, { "reference_url": "https://www.dnnsoftware.com/community/security/security-center", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.dnnsoftware.com/community/security/security-center" }, { "reference_url": "https://labs.integrity.pt/advisories/cve-2021-31858/", "reference_id": "CVE-2021-31858", "reference_type": "", "scores": [], "url": "https://labs.integrity.pt/advisories/cve-2021-31858/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-31858", "reference_id": "CVE-2021-31858", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-31858" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/198370?format=api", "purl": "pkg:nuget/DotNetNuke.Core@9.13.0-ci0000", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7u59-m3nn-q3gj" }, { "vulnerability": "VCID-cs7y-gg46-r3ca" }, { "vulnerability": "VCID-e5pw-7tpb-qyb8" }, { "vulnerability": "VCID-erck-k36n-2yd2" }, { "vulnerability": "VCID-hdn9-z9eh-abfx" }, { "vulnerability": "VCID-k8b8-4muv-gye5" }, { "vulnerability": "VCID-m9cg-wd76-zqcy" }, { "vulnerability": "VCID-msru-ycnu-zuhe" }, { "vulnerability": "VCID-nn2y-9sk9-kugc" }, { "vulnerability": "VCID-q3bw-2pvk-17dg" }, { "vulnerability": "VCID-q97q-u1zk-rqhd" }, { "vulnerability": "VCID-r799-28wr-23bu" }, { "vulnerability": "VCID-s3s5-gwjg-rqgv" }, { "vulnerability": "VCID-v7s2-8wh8-kydw" }, { "vulnerability": "VCID-y61z-d6sj-qucc" }, { "vulnerability": "VCID-zfex-gefk-byfa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.13.0-ci0000" } ], "aliases": [ "CVE-2021-31858" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uc59-7c8z-6kbd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57339?format=api", "vulnerability_id": "VCID-v7s2-8wh8-kydw", "summary": "Reflected Cross-Site Scripting (XSS) in module actions in edit mode\nA specially crafted URL may be constructed which can inject an XSS payload that is triggered by using some module actions.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-48377", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00141", "scoring_system": "epss", "scoring_elements": "0.33988", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00141", "scoring_system": "epss", "scoring_elements": "0.3397", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00141", "scoring_system": "epss", "scoring_elements": "0.34003", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-48377" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform/commit/351b166492ad4b6509c273dc83211d52238e31a7", "reference_id": "", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N" }, { "value": "6.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-23T15:51:04Z/" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform/commit/351b166492ad4b6509c273dc83211d52238e31a7" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48377", "reference_id": "CVE-2025-48377", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48377" }, { "reference_url": "https://github.com/advisories/GHSA-79m3-rvx2-3qq9", "reference_id": "GHSA-79m3-rvx2-3qq9", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-79m3-rvx2-3qq9" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-79m3-rvx2-3qq9", "reference_id": "GHSA-79m3-rvx2-3qq9", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N" }, { "value": "6.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-23T15:51:04Z/" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-79m3-rvx2-3qq9" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/73694?format=api", "purl": "pkg:nuget/DotNetNuke.Core@9.13.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7u59-m3nn-q3gj" }, { "vulnerability": "VCID-cs7y-gg46-r3ca" }, { "vulnerability": "VCID-e5pw-7tpb-qyb8" }, { "vulnerability": "VCID-erck-k36n-2yd2" }, { "vulnerability": "VCID-k8b8-4muv-gye5" }, { "vulnerability": "VCID-m9cg-wd76-zqcy" }, { "vulnerability": "VCID-msru-ycnu-zuhe" }, { "vulnerability": "VCID-q3bw-2pvk-17dg" }, { "vulnerability": "VCID-q97q-u1zk-rqhd" }, { "vulnerability": "VCID-r799-28wr-23bu" }, { "vulnerability": "VCID-s3s5-gwjg-rqgv" }, { "vulnerability": "VCID-y61z-d6sj-qucc" }, { "vulnerability": "VCID-zfex-gefk-byfa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.13.9" } ], "aliases": [ "CVE-2025-48377", "GHSA-79m3-rvx2-3qq9" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-v7s2-8wh8-kydw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/47841?format=api", "vulnerability_id": "VCID-y61z-d6sj-qucc", "summary": "DNN vulnerable to Reflected Cross-Site Scripting (XSS) using url to profile\nA reflected cross-site scripting (XSS) vulnerability exists under certain conditions, using a specially crafter url to view a user profile", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-59821", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.09401", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.09416", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.09399", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-59821" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59821", "reference_id": "CVE-2025-59821", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59821" }, { "reference_url": "https://github.com/advisories/GHSA-jc4g-c8ww-5738", "reference_id": "GHSA-jc4g-c8ww-5738", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jc4g-c8ww-5738" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-jc4g-c8ww-5738", "reference_id": "GHSA-jc4g-c8ww-5738", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-23T18:29:53Z/" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-jc4g-c8ww-5738" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/70574?format=api", "purl": "pkg:nuget/DotNetNuke.Core@10.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-77qd-hb2k-8uam" }, { "vulnerability": "VCID-7u59-m3nn-q3gj" }, { "vulnerability": "VCID-cs7y-gg46-r3ca" }, { "vulnerability": "VCID-e5pw-7tpb-qyb8" }, { "vulnerability": "VCID-k8b8-4muv-gye5" }, { "vulnerability": "VCID-q3bw-2pvk-17dg" }, { "vulnerability": "VCID-q97q-u1zk-rqhd" }, { "vulnerability": "VCID-r799-28wr-23bu" }, { "vulnerability": "VCID-s3s5-gwjg-rqgv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@10.1.0" } ], "aliases": [ "CVE-2025-59821", "GHSA-jc4g-c8ww-5738" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-y61z-d6sj-qucc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/47839?format=api", "vulnerability_id": "VCID-zfex-gefk-byfa", "summary": "DNN Vulnerable to Stored XSS Using Backend Admin Credentials\nUsers that can edit modules could set a title that includes scripts.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-59546", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.07554", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.07574", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.07566", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-59546" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59546", "reference_id": "CVE-2025-59546", "reference_type": "", "scores": [ { "value": "2.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59546" }, { "reference_url": "https://github.com/advisories/GHSA-gj8m-5492-q98h", "reference_id": "GHSA-gj8m-5492-q98h", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-gj8m-5492-q98h" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-gj8m-5492-q98h", "reference_id": "GHSA-gj8m-5492-q98h", "reference_type": "", "scores": [ { "value": "2.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-23T18:30:03Z/" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-gj8m-5492-q98h" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/70574?format=api", "purl": "pkg:nuget/DotNetNuke.Core@10.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-77qd-hb2k-8uam" }, { "vulnerability": "VCID-7u59-m3nn-q3gj" }, { "vulnerability": "VCID-cs7y-gg46-r3ca" }, { "vulnerability": "VCID-e5pw-7tpb-qyb8" }, { "vulnerability": "VCID-k8b8-4muv-gye5" }, { "vulnerability": "VCID-q3bw-2pvk-17dg" }, { "vulnerability": "VCID-q97q-u1zk-rqhd" }, { "vulnerability": "VCID-r799-28wr-23bu" }, { "vulnerability": "VCID-s3s5-gwjg-rqgv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@10.1.0" } ], "aliases": [ "CVE-2025-59546", "GHSA-gj8m-5492-q98h" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zfex-gefk-byfa" } ], "fixing_vulnerabilities": [], "risk_score": "4.5", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.9.0" }