VulnerableCode Package Details - pkg:nuget/DotNetNuke.Core@9.2.0

Search for packages

Vulnerability	Summary	Fixed by
VCID-dnf9-9hrt-1qfx Aliases: CVE-2018-15811 GHSA-h595-8pw6-5q6v	Inadequate Encryption Strength in DotNetNuke DNN (aka DotNetNuke) 9.2 through 9.2.1 uses a weak encryption algorithm to protect input parameters.	9.2.2 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-jw1r-pvtw-d3bz Aliases: CVE-2018-15812	Insufficient Entropy DNN (aka DotNetNuke) incorrectly converts encryption key source values, resulting in lower than expected entropy.	9.3.0 Affected by 0 other vulnerabilities.
VCID-uk5d-ubkt-6fhn Aliases: CVE-2018-18326	Insufficient Entropy DNN (aka DotNetNuke) incorrectly converts encryption key source values, resulting in lower than expected entropy. NOTE: this issue exists because of an incomplete fix for CVE-2018-15812.	9.3.0 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-dnf9-9hrt-1qfx
Aliases:
CVE-2018-15811
GHSA-h595-8pw6-5q6v

Inadequate Encryption Strength in DotNetNuke DNN (aka DotNetNuke) 9.2 through 9.2.1 uses a weak encryption algorithm to protect input parameters.

9.2.2
Affected by 1 other vulnerability.

VCID-jw1r-pvtw-d3bz
Aliases:
CVE-2018-15812

Insufficient Entropy DNN (aka DotNetNuke) incorrectly converts encryption key source values, resulting in lower than expected entropy.

9.3.0
Affected by 0 other vulnerabilities.

VCID-uk5d-ubkt-6fhn
Aliases:
CVE-2018-18326

Insufficient Entropy DNN (aka DotNetNuke) incorrectly converts encryption key source values, resulting in lower than expected entropy. NOTE: this issue exists because of an incomplete fix for CVE-2018-15812.

9.3.0
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-ez48-21un-3fe7	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') DNN (formerly DotNetNuke) allows cross-site scripting (XSS) via XML.	CVE-2018-14486

Vulnerability

Summary

Aliases

VCID-ez48-21un-3fe7

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') DNN (formerly DotNetNuke) allows cross-site scripting (XSS) via XML.

CVE-2018-14486

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-02T04:39:24.728966+00:00	GitLab Importer	Affected by	VCID-dnf9-9hrt-1qfx	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/DotNetNuke.Core/CVE-2018-15811.yml	38.6.0
2026-06-02T04:39:24.397113+00:00	GitLab Importer	Affected by	VCID-uk5d-ubkt-6fhn	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/DotNetNuke.Core/CVE-2018-18326.yml	38.6.0
2026-06-02T04:39:24.279949+00:00	GitLab Importer	Affected by	VCID-jw1r-pvtw-d3bz	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/DotNetNuke.Core/CVE-2018-15812.yml	38.6.0
2026-06-02T04:39:00.864311+00:00	GitLab Importer	Fixing	VCID-ez48-21un-3fe7	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/DotNetNuke.Core/CVE-2018-14486.yml	38.6.0