Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/70574?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/70574?format=api", "purl": "pkg:nuget/DotNetNuke.Core@10.1.0", "type": "nuget", "namespace": "", "name": "DotNetNuke.Core", "version": "10.1.0", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "10.2.2", "latest_non_vulnerable_version": "10.2.2", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89216?format=api", "vulnerability_id": "VCID-77qd-hb2k-8uam", "summary": "DNN: Same HostGUID for all new installs\nDNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. All new installations of DNN 10.x.x - 10.2.1 have the same Host GUID. This does not affect upgrades from 9.x.x. Version 10.2.2 patches the issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-40306", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12999", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12996", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-40306" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform/releases/tag/v10.2.2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-20T16:18:17Z/" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform/releases/tag/v10.2.2" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-2rhw-gw3f-477j", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-20T16:18:17Z/" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-2rhw-gw3f-477j" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40306", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40306" }, { "reference_url": "https://github.com/advisories/GHSA-2rhw-gw3f-477j", "reference_id": "GHSA-2rhw-gw3f-477j", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-2rhw-gw3f-477j" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/110262?format=api", "purl": "pkg:nuget/DotNetNuke.Core@10.2.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@10.2.2" } ], "aliases": [ "CVE-2026-40306", "GHSA-2rhw-gw3f-477j" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-77qd-hb2k-8uam" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89773?format=api", "vulnerability_id": "VCID-7u59-m3nn-q3gj", "summary": "DotNetNuke.Core has stored cross-site-scripting (XSS) via SVG upload\nDNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.2.2, a user could upload a specially crafted SVG file that could include scripts that can target both authenticated and unauthenticated DNN users. The impact is increased if the scripts are run by a power user. Version 10.2.2 patches the issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-40321", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.0611", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.06122", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-40321" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform/releases/tag/v10.2.2", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H" }, { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-20T16:00:34Z/" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform/releases/tag/v10.2.2" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-ffq7-898w-9jc4", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H" }, { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-20T16:00:34Z/" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-ffq7-898w-9jc4" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40321", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40321" }, { "reference_url": "https://github.com/advisories/GHSA-ffq7-898w-9jc4", "reference_id": "GHSA-ffq7-898w-9jc4", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-ffq7-898w-9jc4" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/110262?format=api", "purl": "pkg:nuget/DotNetNuke.Core@10.2.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@10.2.2" } ], "aliases": [ "CVE-2026-40321", "GHSA-ffq7-898w-9jc4" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7u59-m3nn-q3gj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/49885?format=api", "vulnerability_id": "VCID-cs7y-gg46-r3ca", "summary": "DotNetNuke.Core Vulnerable to Stored XSS in Scheduler LogNotes\nExtensions could write richtext in log notes which can include scripts that would run in the PersonaBar when displayed.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-24836", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04161", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-24836" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24836", "reference_id": "CVE-2026-24836", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24836" }, { "reference_url": "https://github.com/advisories/GHSA-2g5g-hcgh-q3rp", "reference_id": "GHSA-2g5g-hcgh-q3rp", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-2g5g-hcgh-q3rp" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-2g5g-hcgh-q3rp", "reference_id": "GHSA-2g5g-hcgh-q3rp", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H" }, { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-28T21:04:00Z/" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-2g5g-hcgh-q3rp" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/73660?format=api", "purl": "pkg:nuget/DotNetNuke.Core@10.2.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-77qd-hb2k-8uam" }, { "vulnerability": "VCID-7u59-m3nn-q3gj" }, { "vulnerability": "VCID-k8b8-4muv-gye5" }, { "vulnerability": "VCID-s3s5-gwjg-rqgv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@10.2.0" } ], "aliases": [ "CVE-2026-24836", "GHSA-2g5g-hcgh-q3rp" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cs7y-gg46-r3ca" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/48225?format=api", "vulnerability_id": "VCID-e5pw-7tpb-qyb8", "summary": "DNN vulnerable to stored cross-site-scripting (XSS) via SVG upload\nSanitization of the content of uploaded SVG files was not covering all possible XSS scenarios.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-64094", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.07548", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.0754", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-64094" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64094", "reference_id": "CVE-2025-64094", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64094" }, { "reference_url": "https://github.com/advisories/GHSA-hmvq-8p83-cq52", "reference_id": "GHSA-hmvq-8p83-cq52", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-hmvq-8p83-cq52" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-hmvq-8p83-cq52", "reference_id": "GHSA-hmvq-8p83-cq52", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-29T14:51:54Z/" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-hmvq-8p83-cq52" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/71228?format=api", "purl": "pkg:nuget/DotNetNuke.Core@10.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-77qd-hb2k-8uam" }, { "vulnerability": "VCID-7u59-m3nn-q3gj" }, { "vulnerability": "VCID-cs7y-gg46-r3ca" }, { "vulnerability": "VCID-k8b8-4muv-gye5" }, { "vulnerability": "VCID-q3bw-2pvk-17dg" }, { "vulnerability": "VCID-q97q-u1zk-rqhd" }, { "vulnerability": "VCID-r799-28wr-23bu" }, { "vulnerability": "VCID-s3s5-gwjg-rqgv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@10.1.1" } ], "aliases": [ "CVE-2025-64094", "GHSA-hmvq-8p83-cq52" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e5pw-7tpb-qyb8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/90281?format=api", "vulnerability_id": "VCID-k8b8-4muv-gye5", "summary": "DNN: Force Friend Request Acceptance\nDNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Starting in version 6.0.0 and prior to version 10.2.2, in the friends feature, a user could craft a request that would force the acceptance of a friend request on another user. Version 10.2.2 patches the issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-40305", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.10515", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.10536", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-40305" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform/releases/tag/v10.2.2", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-20T13:22:45Z/" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform/releases/tag/v10.2.2" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-fpj4-9qhx-5m6m", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-20T13:22:45Z/" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-fpj4-9qhx-5m6m" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40305", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40305" }, { "reference_url": "https://github.com/advisories/GHSA-fpj4-9qhx-5m6m", "reference_id": "GHSA-fpj4-9qhx-5m6m", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-fpj4-9qhx-5m6m" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/110262?format=api", "purl": "pkg:nuget/DotNetNuke.Core@10.2.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@10.2.2" } ], "aliases": [ "CVE-2026-40305", "GHSA-fpj4-9qhx-5m6m" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k8b8-4muv-gye5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/49880?format=api", "vulnerability_id": "VCID-q3bw-2pvk-17dg", "summary": "DotNetNuke.Core Vulnerable to Stored XSS in Module Deletion Confirmation Modal\nA module friendly name could include scripts that will run during some module operations in the Persona Bar.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-24837", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04161", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-24837" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24837", "reference_id": "CVE-2026-24837", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24837" }, { "reference_url": "https://github.com/advisories/GHSA-vm5q-8qww-h238", "reference_id": "GHSA-vm5q-8qww-h238", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-vm5q-8qww-h238" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-vm5q-8qww-h238", "reference_id": "GHSA-vm5q-8qww-h238", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H" }, { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-28T21:02:52Z/" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-vm5q-8qww-h238" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/73660?format=api", "purl": "pkg:nuget/DotNetNuke.Core@10.2.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-77qd-hb2k-8uam" }, { "vulnerability": "VCID-7u59-m3nn-q3gj" }, { "vulnerability": "VCID-k8b8-4muv-gye5" }, { "vulnerability": "VCID-s3s5-gwjg-rqgv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@10.2.0" } ], "aliases": [ "CVE-2026-24837", "GHSA-vm5q-8qww-h238" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q3bw-2pvk-17dg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/49878?format=api", "vulnerability_id": "VCID-q97q-u1zk-rqhd", "summary": "DotNetNuke.Core has a potential XSS vulnerability in modules' header and footer\nA content editor could inject scripts in module headers/footers that would run for other users.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-24784", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17192", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17196", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-24784" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24784", "reference_id": "CVE-2026-24784", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24784" }, { "reference_url": "https://github.com/advisories/GHSA-jjwg-4948-6wxp", "reference_id": "GHSA-jjwg-4948-6wxp", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jjwg-4948-6wxp" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-jjwg-4948-6wxp", "reference_id": "GHSA-jjwg-4948-6wxp", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-28T15:06:32Z/" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-jjwg-4948-6wxp" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/73660?format=api", "purl": "pkg:nuget/DotNetNuke.Core@10.2.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-77qd-hb2k-8uam" }, { "vulnerability": "VCID-7u59-m3nn-q3gj" }, { "vulnerability": "VCID-k8b8-4muv-gye5" }, { "vulnerability": "VCID-s3s5-gwjg-rqgv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@10.2.0" } ], "aliases": [ "CVE-2026-24784", "GHSA-jjwg-4948-6wxp" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q97q-u1zk-rqhd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/49871?format=api", "vulnerability_id": "VCID-r799-28wr-23bu", "summary": "DotNetNuke.Core Vulnerable to Stored XSS via Module Title\nModule title supports richtext which could include scripts that would execute in certain scenarios.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-24838", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17496", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.175", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-24838" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform/commit/4a4bcbcdf3cedbf702816f8168c4d51bf688f7f6", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform/commit/4a4bcbcdf3cedbf702816f8168c4d51bf688f7f6" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform/releases/tag/v10.2.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform/releases/tag/v10.2.0" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24838", "reference_id": "CVE-2026-24838", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24838" }, { "reference_url": "https://github.com/advisories/GHSA-w9pf-h6m6-v89h", "reference_id": "GHSA-w9pf-h6m6-v89h", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-w9pf-h6m6-v89h" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-w9pf-h6m6-v89h", "reference_id": "GHSA-w9pf-h6m6-v89h", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-28T15:03:11Z/" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-w9pf-h6m6-v89h" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/73660?format=api", "purl": "pkg:nuget/DotNetNuke.Core@10.2.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-77qd-hb2k-8uam" }, { "vulnerability": "VCID-7u59-m3nn-q3gj" }, { "vulnerability": "VCID-k8b8-4muv-gye5" }, { "vulnerability": "VCID-s3s5-gwjg-rqgv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@10.2.0" } ], "aliases": [ "CVE-2026-24838", "GHSA-w9pf-h6m6-v89h" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r799-28wr-23bu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/90191?format=api", "vulnerability_id": "VCID-s3s5-gwjg-rqgv", "summary": "DotNetNuke.Core security code analysis rules triggered\nThe codebase raises code analysis warnings related to security, including CA3075, CA5366, CA5371, CA5368, CA5369, CA5372, CA5379, CA5350, and CA5351.\n\nMost of these deal with disabling DTD processing in XML documents, but also includes cryptographic algorithm choices.", "references": [ { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-fcpv-w245-r2q7", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-fcpv-w245-r2q7" }, { "reference_url": "https://github.com/advisories/GHSA-fcpv-w245-r2q7", "reference_id": "GHSA-fcpv-w245-r2q7", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-fcpv-w245-r2q7" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/110262?format=api", "purl": "pkg:nuget/DotNetNuke.Core@10.2.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@10.2.2" } ], "aliases": [ "GHSA-fcpv-w245-r2q7" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s3s5-gwjg-rqgv" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/47830?format=api", "vulnerability_id": "VCID-erck-k36n-2yd2", "summary": "DNN allows loading unused themes on anonymous clients through query parameters\nArbitrary themes can be loaded through query parameters. If an installed theme had a vulnerability, even if it was not used on any page, this could be loaded on unsuspecting clients without knowledge of the site owner.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-59535", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00107", "scoring_system": "epss", "scoring_elements": "0.28453", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00107", "scoring_system": "epss", "scoring_elements": "0.28494", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-59535" }, { "reference_url": "https://dnncommunity.org/?SkinSrc=%5BG%5Dskins%2Fxcillion%2Fhome&ContainerSrc=%5BG%5DContainers%2FXcillion%2FNoTitle", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://dnncommunity.org/?SkinSrc=%5BG%5Dskins%2Fxcillion%2Fhome&ContainerSrc=%5BG%5DContainers%2FXcillion%2FNoTitle" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform/blob/develop/DNN%20Platform/Library/UI/Skins/Skin.cs#L305", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-23T20:08:12Z/" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform/blob/develop/DNN%20Platform/Library/UI/Skins/Skin.cs#L305" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform/commit/72f30f69fd2214d77f6c2577dfcca495a24caf5c", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-23T20:08:12Z/" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform/commit/72f30f69fd2214d77f6c2577dfcca495a24caf5c" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59535", "reference_id": "CVE-2025-59535", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59535" }, { "reference_url": "https://github.com/advisories/GHSA-wq2j-w9pm-7x2p", "reference_id": "GHSA-wq2j-w9pm-7x2p", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-wq2j-w9pm-7x2p" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-wq2j-w9pm-7x2p", "reference_id": "GHSA-wq2j-w9pm-7x2p", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-23T20:08:12Z/" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-wq2j-w9pm-7x2p" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/70574?format=api", "purl": "pkg:nuget/DotNetNuke.Core@10.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-77qd-hb2k-8uam" }, { "vulnerability": "VCID-7u59-m3nn-q3gj" }, { "vulnerability": "VCID-cs7y-gg46-r3ca" }, { "vulnerability": "VCID-e5pw-7tpb-qyb8" }, { "vulnerability": "VCID-k8b8-4muv-gye5" }, { "vulnerability": "VCID-q3bw-2pvk-17dg" }, { "vulnerability": "VCID-q97q-u1zk-rqhd" }, { "vulnerability": "VCID-r799-28wr-23bu" }, { "vulnerability": "VCID-s3s5-gwjg-rqgv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@10.1.0" } ], "aliases": [ "CVE-2025-59535", "GHSA-wq2j-w9pm-7x2p" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-erck-k36n-2yd2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/47823?format=api", "vulnerability_id": "VCID-m9cg-wd76-zqcy", "summary": "Duplicate\nThis advisory duplicates another.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-59539", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.08259", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.08247", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-59539" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59539", "reference_id": "CVE-2025-59539", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59539" }, { "reference_url": "https://github.com/advisories/GHSA-7rcc-q6rq-jpcm", "reference_id": "GHSA-7rcc-q6rq-jpcm", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-7rcc-q6rq-jpcm" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-7rcc-q6rq-jpcm", "reference_id": "GHSA-7rcc-q6rq-jpcm", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-23T18:30:23Z/" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-7rcc-q6rq-jpcm" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/70574?format=api", "purl": "pkg:nuget/DotNetNuke.Core@10.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-77qd-hb2k-8uam" }, { "vulnerability": "VCID-7u59-m3nn-q3gj" }, { "vulnerability": "VCID-cs7y-gg46-r3ca" }, { "vulnerability": "VCID-e5pw-7tpb-qyb8" }, { "vulnerability": "VCID-k8b8-4muv-gye5" }, { "vulnerability": "VCID-q3bw-2pvk-17dg" }, { "vulnerability": "VCID-q97q-u1zk-rqhd" }, { "vulnerability": "VCID-r799-28wr-23bu" }, { "vulnerability": "VCID-s3s5-gwjg-rqgv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@10.1.0" } ], "aliases": [ "CVE-2025-59539", "GHSA-7rcc-q6rq-jpcm" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m9cg-wd76-zqcy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/47837?format=api", "vulnerability_id": "VCID-msru-ycnu-zuhe", "summary": "DNN Vulnerable to Stored Cross-Site Scripting (XSS) in the Prompt module\nThe Prompt module allows execution of commands that can return raw HTML. Malicious input, even if sanitized for display elsewhere, can be executed when processed through certain commands, leading to potential script execution (XSS).", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-59545", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.2186", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21872", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-59545" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59545", "reference_id": "CVE-2025-59545", "reference_type": "", "scores": [ { "value": "9.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59545" }, { "reference_url": "https://github.com/advisories/GHSA-2qxc-mf4x-wr29", "reference_id": "GHSA-2qxc-mf4x-wr29", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-2qxc-mf4x-wr29" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-2qxc-mf4x-wr29", "reference_id": "GHSA-2qxc-mf4x-wr29", "reference_type": "", "scores": [ { "value": "9.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H" }, { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-23T18:30:12Z/" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-2qxc-mf4x-wr29" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/70574?format=api", "purl": "pkg:nuget/DotNetNuke.Core@10.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-77qd-hb2k-8uam" }, { "vulnerability": "VCID-7u59-m3nn-q3gj" }, { "vulnerability": "VCID-cs7y-gg46-r3ca" }, { "vulnerability": "VCID-e5pw-7tpb-qyb8" }, { "vulnerability": "VCID-k8b8-4muv-gye5" }, { "vulnerability": "VCID-q3bw-2pvk-17dg" }, { "vulnerability": "VCID-q97q-u1zk-rqhd" }, { "vulnerability": "VCID-r799-28wr-23bu" }, { "vulnerability": "VCID-s3s5-gwjg-rqgv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@10.1.0" } ], "aliases": [ "CVE-2025-59545", "GHSA-2qxc-mf4x-wr29" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-msru-ycnu-zuhe" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/47841?format=api", "vulnerability_id": "VCID-y61z-d6sj-qucc", "summary": "DNN vulnerable to Reflected Cross-Site Scripting (XSS) using url to profile\nA reflected cross-site scripting (XSS) vulnerability exists under certain conditions, using a specially crafter url to view a user profile", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-59821", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.09416", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.09399", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-59821" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59821", "reference_id": "CVE-2025-59821", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59821" }, { "reference_url": "https://github.com/advisories/GHSA-jc4g-c8ww-5738", "reference_id": "GHSA-jc4g-c8ww-5738", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jc4g-c8ww-5738" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-jc4g-c8ww-5738", "reference_id": "GHSA-jc4g-c8ww-5738", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-23T18:29:53Z/" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-jc4g-c8ww-5738" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/70574?format=api", "purl": "pkg:nuget/DotNetNuke.Core@10.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-77qd-hb2k-8uam" }, { "vulnerability": "VCID-7u59-m3nn-q3gj" }, { "vulnerability": "VCID-cs7y-gg46-r3ca" }, { "vulnerability": "VCID-e5pw-7tpb-qyb8" }, { "vulnerability": "VCID-k8b8-4muv-gye5" }, { "vulnerability": "VCID-q3bw-2pvk-17dg" }, { "vulnerability": "VCID-q97q-u1zk-rqhd" }, { "vulnerability": "VCID-r799-28wr-23bu" }, { "vulnerability": "VCID-s3s5-gwjg-rqgv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@10.1.0" } ], "aliases": [ "CVE-2025-59821", "GHSA-jc4g-c8ww-5738" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-y61z-d6sj-qucc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/47839?format=api", "vulnerability_id": "VCID-zfex-gefk-byfa", "summary": "DNN Vulnerable to Stored XSS Using Backend Admin Credentials\nUsers that can edit modules could set a title that includes scripts.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-59546", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.07574", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.07566", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-59546" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59546", "reference_id": "CVE-2025-59546", "reference_type": "", "scores": [ { "value": "2.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59546" }, { "reference_url": "https://github.com/advisories/GHSA-gj8m-5492-q98h", "reference_id": "GHSA-gj8m-5492-q98h", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-gj8m-5492-q98h" }, { "reference_url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-gj8m-5492-q98h", "reference_id": "GHSA-gj8m-5492-q98h", "reference_type": "", "scores": [ { "value": "2.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-23T18:30:03Z/" } ], "url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-gj8m-5492-q98h" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/70574?format=api", "purl": "pkg:nuget/DotNetNuke.Core@10.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-77qd-hb2k-8uam" }, { "vulnerability": "VCID-7u59-m3nn-q3gj" }, { "vulnerability": "VCID-cs7y-gg46-r3ca" }, { "vulnerability": "VCID-e5pw-7tpb-qyb8" }, { "vulnerability": "VCID-k8b8-4muv-gye5" }, { "vulnerability": "VCID-q3bw-2pvk-17dg" }, { "vulnerability": "VCID-q97q-u1zk-rqhd" }, { "vulnerability": "VCID-r799-28wr-23bu" }, { "vulnerability": "VCID-s3s5-gwjg-rqgv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@10.1.0" } ], "aliases": [ "CVE-2025-59546", "GHSA-gj8m-5492-q98h" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zfex-gefk-byfa" } ], "risk_score": "4.5", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@10.1.0" }