Search for packages
| purl | pkg:nuget/DotNetNuke.Core@10.1.2 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-77qd-hb2k-8uam
Aliases: CVE-2026-40306 GHSA-2rhw-gw3f-477j |
DNN: Same HostGUID for all new installs DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. All new installations of DNN 10.x.x - 10.2.1 have the same Host GUID. This does not affect upgrades from 9.x.x. Version 10.2.2 patches the issue. |
Affected by 0 other vulnerabilities. |
|
VCID-7u59-m3nn-q3gj
Aliases: CVE-2026-40321 GHSA-ffq7-898w-9jc4 |
DotNetNuke.Core has stored cross-site-scripting (XSS) via SVG upload DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.2.2, a user could upload a specially crafted SVG file that could include scripts that can target both authenticated and unauthenticated DNN users. The impact is increased if the scripts are run by a power user. Version 10.2.2 patches the issue. |
Affected by 0 other vulnerabilities. |
|
VCID-cs7y-gg46-r3ca
Aliases: CVE-2026-24836 GHSA-2g5g-hcgh-q3rp |
DotNetNuke.Core Vulnerable to Stored XSS in Scheduler LogNotes Extensions could write richtext in log notes which can include scripts that would run in the PersonaBar when displayed. |
Affected by 4 other vulnerabilities. |
|
VCID-k8b8-4muv-gye5
Aliases: CVE-2026-40305 GHSA-fpj4-9qhx-5m6m |
DNN: Force Friend Request Acceptance DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Starting in version 6.0.0 and prior to version 10.2.2, in the friends feature, a user could craft a request that would force the acceptance of a friend request on another user. Version 10.2.2 patches the issue. |
Affected by 0 other vulnerabilities. |
|
VCID-q3bw-2pvk-17dg
Aliases: CVE-2026-24837 GHSA-vm5q-8qww-h238 |
DotNetNuke.Core Vulnerable to Stored XSS in Module Deletion Confirmation Modal A module friendly name could include scripts that will run during some module operations in the Persona Bar. |
Affected by 4 other vulnerabilities. |
|
VCID-q97q-u1zk-rqhd
Aliases: CVE-2026-24784 GHSA-jjwg-4948-6wxp |
DotNetNuke.Core has a potential XSS vulnerability in modules' header and footer A content editor could inject scripts in module headers/footers that would run for other users. |
Affected by 4 other vulnerabilities. |
|
VCID-r799-28wr-23bu
Aliases: CVE-2026-24838 GHSA-w9pf-h6m6-v89h |
DotNetNuke.Core Vulnerable to Stored XSS via Module Title Module title supports richtext which could include scripts that would execute in certain scenarios. |
Affected by 4 other vulnerabilities. |
|
VCID-s3s5-gwjg-rqgv
Aliases: GHSA-fcpv-w245-r2q7 |
DotNetNuke.Core security code analysis rules triggered The codebase raises code analysis warnings related to security, including CA3075, CA5366, CA5371, CA5368, CA5369, CA5372, CA5379, CA5350, and CA5351. Most of these deal with disabling DTD processing in XML documents, but also includes cryptographic algorithm choices. |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||