Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:nuget/DotNetNuke.Core@10.1.1
Typenuget
Namespace
NameDotNetNuke.Core
Version10.1.1
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version10.2.2
Latest_non_vulnerable_version10.2.2
Affected_by_vulnerabilities
0
url VCID-77qd-hb2k-8uam
vulnerability_id VCID-77qd-hb2k-8uam
summary 
DNN: Same HostGUID for all new installs
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. All new installations of DNN 10.x.x - 10.2.1 have the same Host GUID. This does not affect upgrades from 9.x.x. Version 10.2.2 patches the issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-40306
reference_id
reference_type
scores
0
value 0.00041
scoring_system epss
scoring_elements 0.1296
published_at 2026-06-07T12:55:00Z
1
value 0.00041
scoring_system epss
scoring_elements 0.12999
published_at 2026-06-06T12:55:00Z
2
value 0.00041
scoring_system epss
scoring_elements 0.12996
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-40306
1
reference_url https://github.com/dnnsoftware/Dnn.Platform
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/dnnsoftware/Dnn.Platform
2
reference_url https://github.com/dnnsoftware/Dnn.Platform/releases/tag/v10.2.2
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
2
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-20T16:18:17Z/
url https://github.com/dnnsoftware/Dnn.Platform/releases/tag/v10.2.2
3
reference_url https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-2rhw-gw3f-477j
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
3
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
4
value MODERATE
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-20T16:18:17Z/
url https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-2rhw-gw3f-477j
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-40306
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-40306
5
reference_url https://github.com/advisories/GHSA-2rhw-gw3f-477j
reference_id GHSA-2rhw-gw3f-477j
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2rhw-gw3f-477j
fixed_packages
0
url pkg:nuget/DotNetNuke.Core@10.2.2
purl pkg:nuget/DotNetNuke.Core@10.2.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@10.2.2
aliases CVE-2026-40306, GHSA-2rhw-gw3f-477j
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-77qd-hb2k-8uam
1
url VCID-7u59-m3nn-q3gj
vulnerability_id VCID-7u59-m3nn-q3gj
summary 
DotNetNuke.Core has stored cross-site-scripting (XSS) via SVG upload
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.2.2, a user could upload a specially crafted SVG file that could include scripts that can target both authenticated and unauthenticated DNN users. The impact is increased if the scripts are run by a power user. Version 10.2.2 patches the issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-40321
reference_id
reference_type
scores
0
value 0.00021
scoring_system epss
scoring_elements 0.0611
published_at 2026-06-06T12:55:00Z
1
value 0.00021
scoring_system epss
scoring_elements 0.06106
published_at 2026-06-07T12:55:00Z
2
value 0.00021
scoring_system epss
scoring_elements 0.06122
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-40321
1
reference_url https://github.com/dnnsoftware/Dnn.Platform
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/dnnsoftware/Dnn.Platform
2
reference_url https://github.com/dnnsoftware/Dnn.Platform/releases/tag/v10.2.2
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-20T16:00:34Z/
url https://github.com/dnnsoftware/Dnn.Platform/releases/tag/v10.2.2
3
reference_url https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-ffq7-898w-9jc4
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
2
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-20T16:00:34Z/
url https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-ffq7-898w-9jc4
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-40321
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-40321
5
reference_url https://github.com/advisories/GHSA-ffq7-898w-9jc4
reference_id GHSA-ffq7-898w-9jc4
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-ffq7-898w-9jc4
fixed_packages
0
url pkg:nuget/DotNetNuke.Core@10.2.2
purl pkg:nuget/DotNetNuke.Core@10.2.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@10.2.2
aliases CVE-2026-40321, GHSA-ffq7-898w-9jc4
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7u59-m3nn-q3gj
2
url VCID-cs7y-gg46-r3ca
vulnerability_id VCID-cs7y-gg46-r3ca
summary 
DotNetNuke.Core Vulnerable to Stored XSS in Scheduler LogNotes
Extensions could write richtext in log notes which can include scripts that would run in the PersonaBar when displayed.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-24836
reference_id
reference_type
scores
0
value 0.00017
scoring_system epss
scoring_elements 0.04147
published_at 2026-06-07T12:55:00Z
1
value 0.00017
scoring_system epss
scoring_elements 0.04161
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-24836
1
reference_url https://github.com/dnnsoftware/Dnn.Platform
reference_id
reference_type
scores
0
value 7.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/dnnsoftware/Dnn.Platform
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-24836
reference_id CVE-2026-24836
reference_type
scores
0
value 7.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-24836
3
reference_url https://github.com/advisories/GHSA-2g5g-hcgh-q3rp
reference_id GHSA-2g5g-hcgh-q3rp
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2g5g-hcgh-q3rp
4
reference_url https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-2g5g-hcgh-q3rp
reference_id GHSA-2g5g-hcgh-q3rp
reference_type
scores
0
value 7.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H
1
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H
2
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-28T21:04:00Z/
url https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-2g5g-hcgh-q3rp
fixed_packages
0
url pkg:nuget/DotNetNuke.Core@10.2.0
purl pkg:nuget/DotNetNuke.Core@10.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-77qd-hb2k-8uam
1
vulnerability VCID-7u59-m3nn-q3gj
2
vulnerability VCID-k8b8-4muv-gye5
3
vulnerability VCID-s3s5-gwjg-rqgv
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@10.2.0
aliases CVE-2026-24836, GHSA-2g5g-hcgh-q3rp
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cs7y-gg46-r3ca
3
url VCID-k8b8-4muv-gye5
vulnerability_id VCID-k8b8-4muv-gye5
summary 
DNN: Force Friend Request Acceptance
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Starting in version 6.0.0 and prior to version 10.2.2, in the friends feature, a user could craft a request that would force the acceptance of a friend request on another user. Version 10.2.2 patches the issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-40305
reference_id
reference_type
scores
0
value 0.00034
scoring_system epss
scoring_elements 0.10497
published_at 2026-06-07T12:55:00Z
1
value 0.00034
scoring_system epss
scoring_elements 0.10536
published_at 2026-06-06T12:55:00Z
2
value 0.00034
scoring_system epss
scoring_elements 0.10515
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-40305
1
reference_url https://github.com/dnnsoftware/Dnn.Platform
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/dnnsoftware/Dnn.Platform
2
reference_url https://github.com/dnnsoftware/Dnn.Platform/releases/tag/v10.2.2
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-20T13:22:45Z/
url https://github.com/dnnsoftware/Dnn.Platform/releases/tag/v10.2.2
3
reference_url https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-fpj4-9qhx-5m6m
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-20T13:22:45Z/
url https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-fpj4-9qhx-5m6m
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-40305
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-40305
5
reference_url https://github.com/advisories/GHSA-fpj4-9qhx-5m6m
reference_id GHSA-fpj4-9qhx-5m6m
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fpj4-9qhx-5m6m
fixed_packages
0
url pkg:nuget/DotNetNuke.Core@10.2.2
purl pkg:nuget/DotNetNuke.Core@10.2.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@10.2.2
aliases CVE-2026-40305, GHSA-fpj4-9qhx-5m6m
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k8b8-4muv-gye5
4
url VCID-q3bw-2pvk-17dg
vulnerability_id VCID-q3bw-2pvk-17dg
summary 
DotNetNuke.Core Vulnerable to Stored XSS in Module Deletion Confirmation Modal
A module friendly name could include scripts that will run during some module operations in the Persona Bar.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-24837
reference_id
reference_type
scores
0
value 0.00017
scoring_system epss
scoring_elements 0.04147
published_at 2026-06-07T12:55:00Z
1
value 0.00017
scoring_system epss
scoring_elements 0.04161
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-24837
1
reference_url https://github.com/dnnsoftware/Dnn.Platform
reference_id
reference_type
scores
0
value 7.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/dnnsoftware/Dnn.Platform
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-24837
reference_id CVE-2026-24837
reference_type
scores
0
value 7.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-24837
3
reference_url https://github.com/advisories/GHSA-vm5q-8qww-h238
reference_id GHSA-vm5q-8qww-h238
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vm5q-8qww-h238
4
reference_url https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-vm5q-8qww-h238
reference_id GHSA-vm5q-8qww-h238
reference_type
scores
0
value 7.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H
1
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H
2
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-28T21:02:52Z/
url https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-vm5q-8qww-h238
fixed_packages
0
url pkg:nuget/DotNetNuke.Core@10.2.0
purl pkg:nuget/DotNetNuke.Core@10.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-77qd-hb2k-8uam
1
vulnerability VCID-7u59-m3nn-q3gj
2
vulnerability VCID-k8b8-4muv-gye5
3
vulnerability VCID-s3s5-gwjg-rqgv
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@10.2.0
aliases CVE-2026-24837, GHSA-vm5q-8qww-h238
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-q3bw-2pvk-17dg
5
url VCID-q97q-u1zk-rqhd
vulnerability_id VCID-q97q-u1zk-rqhd
summary 
DotNetNuke.Core has a potential XSS vulnerability in modules' header and footer
A content editor could inject scripts in module headers/footers that would run for other users.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-24784
reference_id
reference_type
scores
0
value 0.00054
scoring_system epss
scoring_elements 0.17157
published_at 2026-06-07T12:55:00Z
1
value 0.00054
scoring_system epss
scoring_elements 0.17192
published_at 2026-06-06T12:55:00Z
2
value 0.00054
scoring_system epss
scoring_elements 0.17196
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-24784
1
reference_url https://github.com/dnnsoftware/Dnn.Platform
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/dnnsoftware/Dnn.Platform
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-24784
reference_id CVE-2026-24784
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-24784
3
reference_url https://github.com/advisories/GHSA-jjwg-4948-6wxp
reference_id GHSA-jjwg-4948-6wxp
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jjwg-4948-6wxp
4
reference_url https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-jjwg-4948-6wxp
reference_id GHSA-jjwg-4948-6wxp
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
1
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N
2
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-28T15:06:32Z/
url https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-jjwg-4948-6wxp
fixed_packages
0
url pkg:nuget/DotNetNuke.Core@10.2.0
purl pkg:nuget/DotNetNuke.Core@10.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-77qd-hb2k-8uam
1
vulnerability VCID-7u59-m3nn-q3gj
2
vulnerability VCID-k8b8-4muv-gye5
3
vulnerability VCID-s3s5-gwjg-rqgv
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@10.2.0
aliases CVE-2026-24784, GHSA-jjwg-4948-6wxp
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-q97q-u1zk-rqhd
6
url VCID-r799-28wr-23bu
vulnerability_id VCID-r799-28wr-23bu
summary 
DotNetNuke.Core Vulnerable to Stored XSS via Module Title
Module title supports richtext which could include scripts that would execute in certain scenarios.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-24838
reference_id
reference_type
scores
0
value 0.00055
scoring_system epss
scoring_elements 0.17459
published_at 2026-06-07T12:55:00Z
1
value 0.00055
scoring_system epss
scoring_elements 0.17496
published_at 2026-06-06T12:55:00Z
2
value 0.00055
scoring_system epss
scoring_elements 0.175
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-24838
1
reference_url https://github.com/dnnsoftware/Dnn.Platform
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/dnnsoftware/Dnn.Platform
2
reference_url https://github.com/dnnsoftware/Dnn.Platform/commit/4a4bcbcdf3cedbf702816f8168c4d51bf688f7f6
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/dnnsoftware/Dnn.Platform/commit/4a4bcbcdf3cedbf702816f8168c4d51bf688f7f6
3
reference_url https://github.com/dnnsoftware/Dnn.Platform/releases/tag/v10.2.0
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/dnnsoftware/Dnn.Platform/releases/tag/v10.2.0
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-24838
reference_id CVE-2026-24838
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-24838
5
reference_url https://github.com/advisories/GHSA-w9pf-h6m6-v89h
reference_id GHSA-w9pf-h6m6-v89h
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-w9pf-h6m6-v89h
6
reference_url https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-w9pf-h6m6-v89h
reference_id GHSA-w9pf-h6m6-v89h
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-28T15:03:11Z/
url https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-w9pf-h6m6-v89h
fixed_packages
0
url pkg:nuget/DotNetNuke.Core@10.2.0
purl pkg:nuget/DotNetNuke.Core@10.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-77qd-hb2k-8uam
1
vulnerability VCID-7u59-m3nn-q3gj
2
vulnerability VCID-k8b8-4muv-gye5
3
vulnerability VCID-s3s5-gwjg-rqgv
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@10.2.0
aliases CVE-2026-24838, GHSA-w9pf-h6m6-v89h
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r799-28wr-23bu
7
url VCID-s3s5-gwjg-rqgv
vulnerability_id VCID-s3s5-gwjg-rqgv
summary 
DotNetNuke.Core security code analysis rules triggered
The codebase raises code analysis warnings related to security, including CA3075, CA5366, CA5371, CA5368, CA5369, CA5372, CA5379, CA5350, and CA5351.

Most of these deal with disabling DTD processing in XML documents, but also includes cryptographic algorithm choices.
references
0
reference_url https://github.com/dnnsoftware/Dnn.Platform
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/dnnsoftware/Dnn.Platform
1
reference_url https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-fcpv-w245-r2q7
reference_id
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-fcpv-w245-r2q7
2
reference_url https://github.com/advisories/GHSA-fcpv-w245-r2q7
reference_id GHSA-fcpv-w245-r2q7
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fcpv-w245-r2q7
fixed_packages
0
url pkg:nuget/DotNetNuke.Core@10.2.2
purl pkg:nuget/DotNetNuke.Core@10.2.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@10.2.2
aliases GHSA-fcpv-w245-r2q7
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s3s5-gwjg-rqgv
Fixing_vulnerabilities
0
url VCID-e5pw-7tpb-qyb8
vulnerability_id VCID-e5pw-7tpb-qyb8
summary 
DNN vulnerable to stored cross-site-scripting (XSS) via SVG upload
Sanitization of the content of uploaded SVG files was not covering all possible XSS scenarios.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-64094
reference_id
reference_type
scores
0
value 0.00025
scoring_system epss
scoring_elements 0.07527
published_at 2026-06-07T12:55:00Z
1
value 0.00025
scoring_system epss
scoring_elements 0.07548
published_at 2026-06-06T12:55:00Z
2
value 0.00025
scoring_system epss
scoring_elements 0.0754
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-64094
1
reference_url https://github.com/dnnsoftware/Dnn.Platform
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/dnnsoftware/Dnn.Platform
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-64094
reference_id CVE-2025-64094
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-64094
3
reference_url https://github.com/advisories/GHSA-hmvq-8p83-cq52
reference_id GHSA-hmvq-8p83-cq52
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hmvq-8p83-cq52
4
reference_url https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-hmvq-8p83-cq52
reference_id GHSA-hmvq-8p83-cq52
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-29T14:51:54Z/
url https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-hmvq-8p83-cq52
fixed_packages
0
url pkg:nuget/DotNetNuke.Core@10.1.1
purl pkg:nuget/DotNetNuke.Core@10.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-77qd-hb2k-8uam
1
vulnerability VCID-7u59-m3nn-q3gj
2
vulnerability VCID-cs7y-gg46-r3ca
3
vulnerability VCID-k8b8-4muv-gye5
4
vulnerability VCID-q3bw-2pvk-17dg
5
vulnerability VCID-q97q-u1zk-rqhd
6
vulnerability VCID-r799-28wr-23bu
7
vulnerability VCID-s3s5-gwjg-rqgv
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@10.1.1
aliases CVE-2025-64094, GHSA-hmvq-8p83-cq52
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e5pw-7tpb-qyb8
Risk_score4.5
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@10.1.1