Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:nuget/DotNetNuke.Core@9.3.0

Type nuget

Namespace

Name DotNetNuke.Core

Version 9.3.0

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 10.2.2

Latest_non_vulnerable_version 10.2.2

Affected_by_vulnerabilities

url VCID-2d1y-21mg-9kdx

vulnerability_id VCID-2d1y-21mg-9kdx

summary DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.1.0, administrators and content editors can set html in module titles that could include javascript which could be used for XSS based attacks. This issue has been patched in version 10.1.0.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-59546

reference_id

reference_type

scores

value	0.00038
scoring_system	epss
scoring_elements	0.11848
published_at	2026-06-13T12:55:00Z

value	0.00038
scoring_system	epss
scoring_elements	0.11765
published_at	2026-06-11T12:55:00Z

value	0.00038
scoring_system	epss
scoring_elements	0.11849
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-59546

reference_url

https://github.com/dnnsoftware/Dnn.Platform

reference_id

reference_type

scores

value	2.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/dnnsoftware/Dnn.Platform

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-59546

reference_id

reference_type

scores

value	2.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-59546

reference_url

https://github.com/advisories/GHSA-gj8m-5492-q98h

reference_id

GHSA-gj8m-5492-q98h

reference_type

scores

value	LOW
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-gj8m-5492-q98h

reference_url

https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-gj8m-5492-q98h

reference_id

GHSA-gj8m-5492-q98h

reference_type

scores

value	2.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N

value	LOW
scoring_system	cvssv3.1_qr
scoring_elements

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-23T18:30:03Z/

url

https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-gj8m-5492-q98h

fixed_packages

url pkg:nuget/DotNetNuke.Core@10.1.0

purl pkg:nuget/DotNetNuke.Core@10.1.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6227-44sm-nkbb

vulnerability	VCID-axxm-bb71-33dj

vulnerability	VCID-fyxq-vtfm-s3ec

vulnerability	VCID-k89y-aedv-uugd

vulnerability	VCID-kwns-m3j3-8kb7

vulnerability	VCID-q7dx-jb8e-wua4

vulnerability	VCID-smd5-xy65-jufc

vulnerability	VCID-wau9-knn5-vqbp

vulnerability	VCID-z9tg-26ja-c7hw

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@10.1.0

aliases CVE-2025-59546, GHSA-gj8m-5492-q98h

risk_score 1.4

exploitability 0.5

weighted_severity 2.7

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2d1y-21mg-9kdx

url VCID-4wd1-t7cm-9yd2

vulnerability_id VCID-4wd1-t7cm-9yd2

summary DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 9.13.9, uploaded SVG files could contain scripts and if rendered inline those scripts could run allowing XSS attacks. Version 9.13.9 fixes the issue.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-48378

reference_id

reference_type

scores

value	0.00055
scoring_system	epss
scoring_elements	0.17657
published_at	2026-06-11T12:55:00Z

value	0.00055
scoring_system	epss
scoring_elements	0.17834
published_at	2026-06-13T12:55:00Z

value	0.00055
scoring_system	epss
scoring_elements	0.17817
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-48378

reference_url

https://github.com/dnnsoftware/Dnn.Platform

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/dnnsoftware/Dnn.Platform

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-48378

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-48378

reference_url

https://github.com/dnnsoftware/Dnn.Platform/commit/cfed83c291d5e5072b2fa70924a8b7c35b1cdf9e

reference_id

cfed83c291d5e5072b2fa70924a8b7c35b1cdf9e

reference_type

scores

value	6.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-23T16:00:53Z/

url

https://github.com/dnnsoftware/Dnn.Platform/commit/cfed83c291d5e5072b2fa70924a8b7c35b1cdf9e

reference_url	https://github.com/advisories/GHSA-m4hf-fxcg-cp34
reference_id	GHSA-m4hf-fxcg-cp34
reference_type
scores
url	https://github.com/advisories/GHSA-m4hf-fxcg-cp34

reference_url

https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-m4hf-fxcg-cp34

reference_id

GHSA-m4hf-fxcg-cp34

reference_type

scores

value	6.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-23T16:00:53Z/

url

https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-m4hf-fxcg-cp34

fixed_packages

url pkg:nuget/DotNetNuke.Core@9.13.9

purl pkg:nuget/DotNetNuke.Core@9.13.9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d1y-21mg-9kdx

vulnerability	VCID-6227-44sm-nkbb

vulnerability	VCID-as6z-jr8m-6kbm

vulnerability	VCID-axxm-bb71-33dj

vulnerability	VCID-c87b-2p6c-xqh8

vulnerability	VCID-epah-7729-rqba

vulnerability	VCID-fyxq-vtfm-s3ec

vulnerability	VCID-k89y-aedv-uugd

vulnerability	VCID-kwns-m3j3-8kb7

vulnerability	VCID-q7dx-jb8e-wua4

vulnerability	VCID-smd5-xy65-jufc

vulnerability	VCID-trdq-rcjg-s7gy

vulnerability	VCID-wau9-knn5-vqbp

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.13.9

aliases CVE-2025-48378, GHSA-m4hf-fxcg-cp34

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4wd1-t7cm-9yd2

url VCID-6227-44sm-nkbb

vulnerability_id VCID-6227-44sm-nkbb

summary DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Starting in version 9.0.0 and prior to versions 9.13.10 and 10.2.0, extensions could write richtext in log notes which can include scripts that would run in the PersonaBar when displayed. Versions 9.13.10 and 10.2.0 contain a fix for the issue.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-24836

reference_id

reference_type

scores

value	0.00017
scoring_system	epss
scoring_elements	0.04163
published_at	2026-06-11T12:55:00Z

value	0.00017
scoring_system	epss
scoring_elements	0.04162
published_at	2026-06-13T12:55:00Z

value	0.00017
scoring_system	epss
scoring_elements	0.04175
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-24836

reference_url

https://github.com/dnnsoftware/Dnn.Platform

reference_id

reference_type

scores

value	7.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/dnnsoftware/Dnn.Platform

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-24836

reference_id

CVE-2026-24836

reference_type

scores

value	7.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-24836

reference_url

https://github.com/advisories/GHSA-2g5g-hcgh-q3rp

reference_id

GHSA-2g5g-hcgh-q3rp

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-2g5g-hcgh-q3rp

reference_url

https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-2g5g-hcgh-q3rp

reference_id

GHSA-2g5g-hcgh-q3rp

reference_type

scores

value	7.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H

value	7.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-28T21:04:00Z/

url

https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-2g5g-hcgh-q3rp

fixed_packages

url pkg:nuget/DotNetNuke.Core@10.2.0

purl pkg:nuget/DotNetNuke.Core@10.2.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-axxm-bb71-33dj

vulnerability	VCID-kwns-m3j3-8kb7

vulnerability	VCID-q7dx-jb8e-wua4

vulnerability	VCID-z9tg-26ja-c7hw

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@10.2.0

aliases CVE-2026-24836, GHSA-2g5g-hcgh-q3rp

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6227-44sm-nkbb

url VCID-76dr-n4fx-nud6

vulnerability_id VCID-76dr-n4fx-nud6

summary

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-40186

reference_id

reference_type

scores

value	0.00311
scoring_system	epss
scoring_elements	0.54749
published_at	2026-06-11T12:55:00Z

value	0.00311
scoring_system	epss
scoring_elements	0.54872
published_at	2026-06-12T12:55:00Z

value	0.00311
scoring_system	epss
scoring_elements	0.54889
published_at	2026-06-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-40186

reference_url	https://appcheck-ng.com/dnn-cms-server-side-request-forgery-cve-2021-40186
reference_id
reference_type
scores
url	https://appcheck-ng.com/dnn-cms-server-side-request-forgery-cve-2021-40186

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2021-40186
reference_id	CVE-2021-40186
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2021-40186

fixed_packages

url pkg:nuget/DotNetNuke.Core@9.13.0-ci0000

purl pkg:nuget/DotNetNuke.Core@9.13.0-ci0000

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d1y-21mg-9kdx

vulnerability	VCID-4wd1-t7cm-9yd2

vulnerability	VCID-6227-44sm-nkbb

vulnerability	VCID-as6z-jr8m-6kbm

vulnerability	VCID-axxm-bb71-33dj

vulnerability	VCID-c87b-2p6c-xqh8

vulnerability	VCID-epah-7729-rqba

vulnerability	VCID-f55k-m678-vbfr

vulnerability	VCID-fyxq-vtfm-s3ec

vulnerability	VCID-k89y-aedv-uugd

vulnerability	VCID-kwns-m3j3-8kb7

vulnerability	VCID-q3he-ta5n-hkec

vulnerability	VCID-q7dx-jb8e-wua4

vulnerability	VCID-smd5-xy65-jufc

vulnerability	VCID-trdq-rcjg-s7gy

vulnerability	VCID-wau9-knn5-vqbp

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.13.0-ci0000

aliases CVE-2021-40186

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-76dr-n4fx-nud6

url VCID-as6z-jr8m-6kbm

vulnerability_id VCID-as6z-jr8m-6kbm

summary DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.1.0, DNN’s URL/path handling and template rendering can allow specially crafted input to be reflected into a user profile that is returned to the browser. In these cases, the application does not sufficiently neutralize or encode characters that are meaningful in HTML, so an attacker can cause a victim’s browser to interpret attacker-controlled content as part of the page’s HTML. This issue has been patched in version 10.1.0.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-59821

reference_id

reference_type

scores

value	0.00047
scoring_system	epss
scoring_elements	0.15038
published_at	2026-06-13T12:55:00Z

value	0.00047
scoring_system	epss
scoring_elements	0.14918
published_at	2026-06-11T12:55:00Z

value	0.00047
scoring_system	epss
scoring_elements	0.1504
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-59821

reference_url

https://github.com/dnnsoftware/Dnn.Platform

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/dnnsoftware/Dnn.Platform

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-59821

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-59821

reference_url

https://github.com/advisories/GHSA-jc4g-c8ww-5738

reference_id

GHSA-jc4g-c8ww-5738

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-jc4g-c8ww-5738

reference_url

https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-jc4g-c8ww-5738

reference_id

GHSA-jc4g-c8ww-5738

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-23T18:29:53Z/

url

https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-jc4g-c8ww-5738

fixed_packages

url pkg:nuget/DotNetNuke.Core@10.1.0

purl pkg:nuget/DotNetNuke.Core@10.1.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6227-44sm-nkbb

vulnerability	VCID-axxm-bb71-33dj

vulnerability	VCID-fyxq-vtfm-s3ec

vulnerability	VCID-k89y-aedv-uugd

vulnerability	VCID-kwns-m3j3-8kb7

vulnerability	VCID-q7dx-jb8e-wua4

vulnerability	VCID-smd5-xy65-jufc

vulnerability	VCID-wau9-knn5-vqbp

vulnerability	VCID-z9tg-26ja-c7hw

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@10.1.0

aliases CVE-2025-59821, GHSA-jc4g-c8ww-5738

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-as6z-jr8m-6kbm

url VCID-axxm-bb71-33dj

vulnerability_id VCID-axxm-bb71-33dj

summary DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.2.2, a user could upload a specially crafted SVG file that could include scripts that can target both authenticated and unauthenticated DNN users. The impact is increased if the scripts are run by a power user. Version 10.2.2 patches the issue.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-40321

reference_id

reference_type

scores

value	0.00021
scoring_system	epss
scoring_elements	0.06153
published_at	2026-06-12T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.06144
published_at	2026-06-13T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.06131
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-40321

reference_url

https://github.com/dnnsoftware/Dnn.Platform

reference_id

reference_type

scores

value	8.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/dnnsoftware/Dnn.Platform

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-40321

reference_id

reference_type

scores

value	8.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-40321

reference_url

https://github.com/advisories/GHSA-ffq7-898w-9jc4

reference_id

GHSA-ffq7-898w-9jc4

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-ffq7-898w-9jc4

reference_url

https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-ffq7-898w-9jc4

reference_id

GHSA-ffq7-898w-9jc4

reference_type

scores

value	8.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-20T16:00:34Z/

url

https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-ffq7-898w-9jc4

reference_url

https://github.com/dnnsoftware/Dnn.Platform/releases/tag/v10.2.2

reference_id

v10.2.2

reference_type

scores

value	8.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-20T16:00:34Z/

url

https://github.com/dnnsoftware/Dnn.Platform/releases/tag/v10.2.2

fixed_packages

url	pkg:nuget/DotNetNuke.Core@10.2.2
purl	pkg:nuget/DotNetNuke.Core@10.2.2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@10.2.2

aliases CVE-2026-40321, GHSA-ffq7-898w-9jc4

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-axxm-bb71-33dj

url VCID-c87b-2p6c-xqh8

vulnerability_id VCID-c87b-2p6c-xqh8

summary DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.1.0, when embedding information in the Biography field, even if that field is not rich-text, users could inject javascript code that would run in the context of the website and to any other user that can view the profile including administrators and/or superusers. This issue has been patched in version 10.1.0.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-59539

reference_id

reference_type

scores

value	0.00041
scoring_system	epss
scoring_elements	0.13013
published_at	2026-06-13T12:55:00Z

value	0.00041
scoring_system	epss
scoring_elements	0.12908
published_at	2026-06-11T12:55:00Z

value	0.00041
scoring_system	epss
scoring_elements	0.13003
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-59539

reference_url

https://github.com/dnnsoftware/Dnn.Platform

reference_id

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/dnnsoftware/Dnn.Platform

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-59539

reference_id

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-59539

reference_url	https://github.com/advisories/GHSA-7rcc-q6rq-jpcm
reference_id	GHSA-7rcc-q6rq-jpcm
reference_type
scores
url	https://github.com/advisories/GHSA-7rcc-q6rq-jpcm

reference_url

https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-7rcc-q6rq-jpcm

reference_id

GHSA-7rcc-q6rq-jpcm

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-23T18:30:23Z/

url

https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-7rcc-q6rq-jpcm

fixed_packages

url pkg:nuget/DotNetNuke.Core@10.1.0

purl pkg:nuget/DotNetNuke.Core@10.1.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6227-44sm-nkbb

vulnerability	VCID-axxm-bb71-33dj

vulnerability	VCID-fyxq-vtfm-s3ec

vulnerability	VCID-k89y-aedv-uugd

vulnerability	VCID-kwns-m3j3-8kb7

vulnerability	VCID-q7dx-jb8e-wua4

vulnerability	VCID-smd5-xy65-jufc

vulnerability	VCID-wau9-knn5-vqbp

vulnerability	VCID-z9tg-26ja-c7hw

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@10.1.0

aliases CVE-2025-59539, GHSA-7rcc-q6rq-jpcm

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-c87b-2p6c-xqh8

url VCID-eaz6-q3m7-4bep

vulnerability_id VCID-eaz6-q3m7-4bep

summary An arbitrary file upload vulnerability in the Digital Assets Manager module of DNN Corp DotNetNuke v7.0.0 to v9.10.2 allows attackers to execute arbitrary code via a crafted SVG file.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-47053

reference_id

reference_type

scores

value	0.00738
scoring_system	epss
scoring_elements	0.73402
published_at	2026-06-13T12:55:00Z

value	0.00738
scoring_system	epss
scoring_elements	0.7331
published_at	2026-06-11T12:55:00Z

value	0.00738
scoring_system	epss
scoring_elements	0.73387
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-47053

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2022-47053
reference_id	CVE-2022-47053
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2022-47053

reference_url

https://www.dnnsoftware.com/community/security/security-center

reference_id

security-center

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T16:43:29Z/

url

https://www.dnnsoftware.com/community/security/security-center

reference_url

https://www.dnnsoftware.com/community/security/security-center#:~:text=XSS%20in%20Digital%20Asset%20Manager

reference_id

security-center#:~:text=XSS%20in%20Digital%20Asset%20Manager

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T16:43:29Z/

url

https://www.dnnsoftware.com/community/security/security-center#:~:text=XSS%20in%20Digital%20Asset%20Manager

fixed_packages

url pkg:nuget/DotNetNuke.Core@9.11.0

purl pkg:nuget/DotNetNuke.Core@9.11.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d1y-21mg-9kdx

vulnerability	VCID-4wd1-t7cm-9yd2

vulnerability	VCID-6227-44sm-nkbb

vulnerability	VCID-as6z-jr8m-6kbm

vulnerability	VCID-axxm-bb71-33dj

vulnerability	VCID-c87b-2p6c-xqh8

vulnerability	VCID-epah-7729-rqba

vulnerability	VCID-f55k-m678-vbfr

vulnerability	VCID-fyxq-vtfm-s3ec

vulnerability	VCID-k89y-aedv-uugd

vulnerability	VCID-kwns-m3j3-8kb7

vulnerability	VCID-q3he-ta5n-hkec

vulnerability	VCID-q7dx-jb8e-wua4

vulnerability	VCID-smd5-xy65-jufc

vulnerability	VCID-trdq-rcjg-s7gy

vulnerability	VCID-wau9-knn5-vqbp

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.11.0

aliases CVE-2022-47053

risk_score 1.4

exploitability 0.5

weighted_severity 2.7

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-eaz6-q3m7-4bep

url VCID-epah-7729-rqba

vulnerability_id VCID-epah-7729-rqba

summary DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.1.0, the Prompt module allows execution of commands that can return raw HTML. Malicious input, even if sanitized for display elsewhere, can be executed when processed through certain commands, leading to potential script execution (XSS). This issue has been patched in version 10.1.0.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-59545

reference_id

reference_type

scores

value	0.00098
scoring_system	epss
scoring_elements	0.27062
published_at	2026-06-12T12:55:00Z

value	0.00098
scoring_system	epss
scoring_elements	0.27077
published_at	2026-06-13T12:55:00Z

value	0.00098
scoring_system	epss
scoring_elements	0.2686
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-59545

reference_url

https://github.com/dnnsoftware/Dnn.Platform

reference_id

reference_type

scores

value	9.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/dnnsoftware/Dnn.Platform

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-59545

reference_id

reference_type

scores

value	9.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-59545

reference_url

https://github.com/advisories/GHSA-2qxc-mf4x-wr29

reference_id

GHSA-2qxc-mf4x-wr29

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-2qxc-mf4x-wr29

reference_url

https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-2qxc-mf4x-wr29

reference_id

GHSA-2qxc-mf4x-wr29

reference_type

scores

value	9.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-23T18:30:12Z/

url

https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-2qxc-mf4x-wr29

fixed_packages

url pkg:nuget/DotNetNuke.Core@10.1.0

purl pkg:nuget/DotNetNuke.Core@10.1.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6227-44sm-nkbb

vulnerability	VCID-axxm-bb71-33dj

vulnerability	VCID-fyxq-vtfm-s3ec

vulnerability	VCID-k89y-aedv-uugd

vulnerability	VCID-kwns-m3j3-8kb7

vulnerability	VCID-q7dx-jb8e-wua4

vulnerability	VCID-smd5-xy65-jufc

vulnerability	VCID-wau9-knn5-vqbp

vulnerability	VCID-z9tg-26ja-c7hw

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@10.1.0

aliases CVE-2025-59545, GHSA-2qxc-mf4x-wr29

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-epah-7729-rqba

url VCID-f55k-m678-vbfr

vulnerability_id VCID-f55k-m678-vbfr

summary DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 9.13.9, a specially crafted URL may be constructed which can inject an XSS payload that is triggered by using some module actions. Version 9.13.9 fixes the issue.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-48377

reference_id

reference_type

scores

value	0.00141
scoring_system	epss
scoring_elements	0.34174
published_at	2026-06-12T12:55:00Z

value	0.00141
scoring_system	epss
scoring_elements	0.34198
published_at	2026-06-13T12:55:00Z

value	0.00141
scoring_system	epss
scoring_elements	0.33998
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-48377

reference_url

https://github.com/dnnsoftware/Dnn.Platform

reference_id

reference_type

scores

value	6.0
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/dnnsoftware/Dnn.Platform

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-48377

reference_id

reference_type

scores

value	6.0
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-48377

reference_url

https://github.com/dnnsoftware/Dnn.Platform/commit/351b166492ad4b6509c273dc83211d52238e31a7

reference_id

351b166492ad4b6509c273dc83211d52238e31a7

reference_type

scores

value	6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N

value	6.0
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-23T15:51:04Z/

url

https://github.com/dnnsoftware/Dnn.Platform/commit/351b166492ad4b6509c273dc83211d52238e31a7

reference_url	https://github.com/advisories/GHSA-79m3-rvx2-3qq9
reference_id	GHSA-79m3-rvx2-3qq9
reference_type
scores
url	https://github.com/advisories/GHSA-79m3-rvx2-3qq9

reference_url

https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-79m3-rvx2-3qq9

reference_id

GHSA-79m3-rvx2-3qq9

reference_type

scores

value	6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N

value	6.0
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-23T15:51:04Z/

url

https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-79m3-rvx2-3qq9

fixed_packages

url pkg:nuget/DotNetNuke.Core@9.13.9

purl pkg:nuget/DotNetNuke.Core@9.13.9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d1y-21mg-9kdx

vulnerability	VCID-6227-44sm-nkbb

vulnerability	VCID-as6z-jr8m-6kbm

vulnerability	VCID-axxm-bb71-33dj

vulnerability	VCID-c87b-2p6c-xqh8

vulnerability	VCID-epah-7729-rqba

vulnerability	VCID-fyxq-vtfm-s3ec

vulnerability	VCID-k89y-aedv-uugd

vulnerability	VCID-kwns-m3j3-8kb7

vulnerability	VCID-q7dx-jb8e-wua4

vulnerability	VCID-smd5-xy65-jufc

vulnerability	VCID-trdq-rcjg-s7gy

vulnerability	VCID-wau9-knn5-vqbp

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.13.9

aliases CVE-2025-48377, GHSA-79m3-rvx2-3qq9

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-f55k-m678-vbfr

url VCID-fyxq-vtfm-s3ec

vulnerability_id VCID-fyxq-vtfm-s3ec

summary DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to versions 9.13.10 and 10.2.0, module title supports richtext which could include scripts that would execute in certain scenarios. Versions 9.13.10 and 10.2.0 contain a fix for the issue.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-24838

reference_id

reference_type

scores

value	0.00055
scoring_system	epss
scoring_elements	0.17659
published_at	2026-06-13T12:55:00Z

value	0.00055
scoring_system	epss
scoring_elements	0.17641
published_at	2026-06-12T12:55:00Z

value	0.00055
scoring_system	epss
scoring_elements	0.17479
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-24838

reference_url

https://github.com/dnnsoftware/Dnn.Platform

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/dnnsoftware/Dnn.Platform

reference_url

https://github.com/dnnsoftware/Dnn.Platform/commit/4a4bcbcdf3cedbf702816f8168c4d51bf688f7f6

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/dnnsoftware/Dnn.Platform/commit/4a4bcbcdf3cedbf702816f8168c4d51bf688f7f6

reference_url

https://github.com/dnnsoftware/Dnn.Platform/releases/tag/v10.2.0

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/dnnsoftware/Dnn.Platform/releases/tag/v10.2.0

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-24838

reference_id

CVE-2026-24838

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-24838

reference_url

https://github.com/advisories/GHSA-w9pf-h6m6-v89h

reference_id

GHSA-w9pf-h6m6-v89h

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-w9pf-h6m6-v89h

reference_url

https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-w9pf-h6m6-v89h

reference_id

GHSA-w9pf-h6m6-v89h

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-28T15:03:11Z/

url

https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-w9pf-h6m6-v89h

fixed_packages

url	pkg:nuget/DotNetNuke.Core@9.13.10
purl	pkg:nuget/DotNetNuke.Core@9.13.10
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.13.10

url pkg:nuget/DotNetNuke.Core@10.2.0

purl pkg:nuget/DotNetNuke.Core@10.2.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-axxm-bb71-33dj

vulnerability	VCID-kwns-m3j3-8kb7

vulnerability	VCID-q7dx-jb8e-wua4

vulnerability	VCID-z9tg-26ja-c7hw

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@10.2.0

aliases CVE-2026-24838, GHSA-w9pf-h6m6-v89h

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fyxq-vtfm-s3ec

url VCID-gkac-w1q4-wfgw

vulnerability_id VCID-gkac-w1q4-wfgw

summary Relative Path Traversal in GitHub repository dnnsoftware/dnn.platform prior to 9.11.0.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-2922

reference_id

reference_type

scores

value	0.00453
scoring_system	epss
scoring_elements	0.64193
published_at	2026-06-11T12:55:00Z

value	0.00453
scoring_system	epss
scoring_elements	0.6431
published_at	2026-06-13T12:55:00Z

value	0.00453
scoring_system	epss
scoring_elements	0.64296
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-2922

reference_url

https://github.com/dnnsoftware/dnn.platform

reference_id

reference_type

scores

value	4.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/dnnsoftware/dnn.platform

reference_url

https://github.com/dnnsoftware/Dnn.Platform/commit/3697c5344cef8d49214230f0cc2efcd9e93a00a8

reference_id

reference_type

scores

value	4.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/dnnsoftware/Dnn.Platform/commit/3697c5344cef8d49214230f0cc2efcd9e93a00a8

reference_url

https://huntr.dev/bounties/74918f40-dc11-4218-abef-064eb71a0703

reference_id

74918f40-dc11-4218-abef-064eb71a0703

reference_type

scores

value	4.9
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

value	4.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-20T16:03:27Z/

url

https://huntr.dev/bounties/74918f40-dc11-4218-abef-064eb71a0703

reference_url

https://github.com/dnnsoftware/dnn.platform/commit/9b17351592fbde376506ba6705dbcc7a74a2a195

reference_id

9b17351592fbde376506ba6705dbcc7a74a2a195

reference_type

scores

value	4.9
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

value	4.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-20T16:03:27Z/

url

https://github.com/dnnsoftware/dnn.platform/commit/9b17351592fbde376506ba6705dbcc7a74a2a195

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-2922

reference_id

CVE-2022-2922

reference_type

scores

value	4.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-2922

reference_url

https://github.com/advisories/GHSA-9w72-2f23-57gm

reference_id

GHSA-9w72-2f23-57gm

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-9w72-2f23-57gm

fixed_packages

url pkg:nuget/DotNetNuke.Core@9.11.0

purl pkg:nuget/DotNetNuke.Core@9.11.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d1y-21mg-9kdx

vulnerability	VCID-4wd1-t7cm-9yd2

vulnerability	VCID-6227-44sm-nkbb

vulnerability	VCID-as6z-jr8m-6kbm

vulnerability	VCID-axxm-bb71-33dj

vulnerability	VCID-c87b-2p6c-xqh8

vulnerability	VCID-epah-7729-rqba

vulnerability	VCID-f55k-m678-vbfr

vulnerability	VCID-fyxq-vtfm-s3ec

vulnerability	VCID-k89y-aedv-uugd

vulnerability	VCID-kwns-m3j3-8kb7

vulnerability	VCID-q3he-ta5n-hkec

vulnerability	VCID-q7dx-jb8e-wua4

vulnerability	VCID-smd5-xy65-jufc

vulnerability	VCID-trdq-rcjg-s7gy

vulnerability	VCID-wau9-knn5-vqbp

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.11.0

aliases CVE-2022-2922, GHSA-9w72-2f23-57gm

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gkac-w1q4-wfgw

url VCID-hdzp-q5cp-uuf5

vulnerability_id VCID-hdzp-q5cp-uuf5

summary

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-5186

reference_id

reference_type

scores

value	0.00353
scoring_system	epss
scoring_elements	0.58056
published_at	2026-06-11T12:55:00Z

value	0.00353
scoring_system	epss
scoring_elements	0.58169
published_at	2026-06-12T12:55:00Z

value	0.00353
scoring_system	epss
scoring_elements	0.58186
published_at	2026-06-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-5186

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-5186

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-5186

reference_url

https://packetstormsecurity.com/files/156483/DotNetNuke-CMS-9.5.0-Cross-Site-Scripting.html

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://packetstormsecurity.com/files/156483/DotNetNuke-CMS-9.5.0-Cross-Site-Scripting.html

reference_url

https://github.com/advisories/GHSA-9phr-h5mx-4fp6

reference_id

GHSA-9phr-h5mx-4fp6

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-9phr-h5mx-4fp6

fixed_packages

url pkg:nuget/DotNetNuke.Core@9.5.0

purl pkg:nuget/DotNetNuke.Core@9.5.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d1y-21mg-9kdx

vulnerability	VCID-4wd1-t7cm-9yd2

vulnerability	VCID-6227-44sm-nkbb

vulnerability	VCID-76dr-n4fx-nud6

vulnerability	VCID-as6z-jr8m-6kbm

vulnerability	VCID-axxm-bb71-33dj

vulnerability	VCID-c87b-2p6c-xqh8

vulnerability	VCID-eaz6-q3m7-4bep

vulnerability	VCID-epah-7729-rqba

vulnerability	VCID-f55k-m678-vbfr

vulnerability	VCID-fyxq-vtfm-s3ec

vulnerability	VCID-gkac-w1q4-wfgw

vulnerability	VCID-k89y-aedv-uugd

vulnerability	VCID-kwns-m3j3-8kb7

vulnerability	VCID-q3he-ta5n-hkec

vulnerability	VCID-q7dx-jb8e-wua4

vulnerability	VCID-qcc1-r81m-7ud6

vulnerability	VCID-smd5-xy65-jufc

vulnerability	VCID-tfyx-ssz9-1qah

vulnerability	VCID-trdq-rcjg-s7gy

vulnerability	VCID-wau9-knn5-vqbp

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.5.0

url pkg:nuget/DotNetNuke.Core@9.13.0-ci0000

purl pkg:nuget/DotNetNuke.Core@9.13.0-ci0000

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d1y-21mg-9kdx

vulnerability	VCID-4wd1-t7cm-9yd2

vulnerability	VCID-6227-44sm-nkbb

vulnerability	VCID-as6z-jr8m-6kbm

vulnerability	VCID-axxm-bb71-33dj

vulnerability	VCID-c87b-2p6c-xqh8

vulnerability	VCID-epah-7729-rqba

vulnerability	VCID-f55k-m678-vbfr

vulnerability	VCID-fyxq-vtfm-s3ec

vulnerability	VCID-k89y-aedv-uugd

vulnerability	VCID-kwns-m3j3-8kb7

vulnerability	VCID-q3he-ta5n-hkec

vulnerability	VCID-q7dx-jb8e-wua4

vulnerability	VCID-smd5-xy65-jufc

vulnerability	VCID-trdq-rcjg-s7gy

vulnerability	VCID-wau9-knn5-vqbp

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.13.0-ci0000

aliases CVE-2020-5186, GHSA-9phr-h5mx-4fp6

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hdzp-q5cp-uuf5

url VCID-k89y-aedv-uugd

vulnerability_id VCID-k89y-aedv-uugd

summary DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Starting in version 9.0.0 and prior to versions 9.13.10 and 10.2.0, a module friendly name could include scripts that will run during some module operations in the Persona Bar. Versions 9.13.10 and 10.2.0 contain a fix for the issue.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-24837

reference_id

reference_type

scores

value	0.00017
scoring_system	epss
scoring_elements	0.04162
published_at	2026-06-13T12:55:00Z

value	0.00017
scoring_system	epss
scoring_elements	0.04175
published_at	2026-06-12T12:55:00Z

value	0.00017
scoring_system	epss
scoring_elements	0.04163
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-24837

reference_url

https://github.com/dnnsoftware/Dnn.Platform

reference_id

reference_type

scores

value	7.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/dnnsoftware/Dnn.Platform

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-24837

reference_id

CVE-2026-24837

reference_type

scores

value	7.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-24837

reference_url

https://github.com/advisories/GHSA-vm5q-8qww-h238

reference_id

GHSA-vm5q-8qww-h238

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-vm5q-8qww-h238

reference_url

https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-vm5q-8qww-h238

reference_id

GHSA-vm5q-8qww-h238

reference_type

scores

value	7.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H

value	7.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-28T21:02:52Z/

url

https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-vm5q-8qww-h238

fixed_packages

url pkg:nuget/DotNetNuke.Core@10.2.0

purl pkg:nuget/DotNetNuke.Core@10.2.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-axxm-bb71-33dj

vulnerability	VCID-kwns-m3j3-8kb7

vulnerability	VCID-q7dx-jb8e-wua4

vulnerability	VCID-z9tg-26ja-c7hw

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@10.2.0

aliases CVE-2026-24837, GHSA-vm5q-8qww-h238

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k89y-aedv-uugd

url VCID-kwns-m3j3-8kb7

vulnerability_id VCID-kwns-m3j3-8kb7

summary DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Starting in version 6.0.0 and prior to version 10.2.2, in the friends feature, a user could craft a request that would force the acceptance of a friend request on another user. Version 10.2.2 patches the issue.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-40305

reference_id

reference_type

scores

value	0.00034
scoring_system	epss
scoring_elements	0.10514
published_at	2026-06-11T12:55:00Z

value	0.00034
scoring_system	epss
scoring_elements	0.10571
published_at	2026-06-13T12:55:00Z

value	0.00034
scoring_system	epss
scoring_elements	0.1057
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-40305

reference_url

https://github.com/dnnsoftware/Dnn.Platform

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/dnnsoftware/Dnn.Platform

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-40305

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-40305

reference_url

https://github.com/advisories/GHSA-fpj4-9qhx-5m6m

reference_id

GHSA-fpj4-9qhx-5m6m

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-fpj4-9qhx-5m6m

reference_url

https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-fpj4-9qhx-5m6m

reference_id

GHSA-fpj4-9qhx-5m6m

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-20T13:22:45Z/

url

https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-fpj4-9qhx-5m6m

reference_url

https://github.com/dnnsoftware/Dnn.Platform/releases/tag/v10.2.2

reference_id

v10.2.2

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-20T13:22:45Z/

url

https://github.com/dnnsoftware/Dnn.Platform/releases/tag/v10.2.2

fixed_packages

url	pkg:nuget/DotNetNuke.Core@10.2.2
purl	pkg:nuget/DotNetNuke.Core@10.2.2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@10.2.2

aliases CVE-2026-40305, GHSA-fpj4-9qhx-5m6m

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kwns-m3j3-8kb7

url VCID-q3he-ta5n-hkec

vulnerability_id VCID-q3he-ta5n-hkec

summary DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. A bypass has been identified for the previously known vulnerability CVE-2017-0929, allowing unauthenticated attackers to execute arbitrary GET requests against target systems, including internal or adjacent networks. This vulnerability facilitates a semi-blind SSRF attack, allowing attackers to make the target server send requests to internal or external URLs without viewing the full responses. Potential impacts include internal network reconnaissance, bypassing firewalls. This vulnerability is fixed in 9.13.8.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-32372

reference_id

reference_type

scores

value	0.00102
scoring_system	epss
scoring_elements	0.27612
published_at	2026-06-11T12:55:00Z

value	0.00102
scoring_system	epss
scoring_elements	0.27839
published_at	2026-06-13T12:55:00Z

value	0.00102
scoring_system	epss
scoring_elements	0.27814
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-32372

reference_url

https://github.com/dnnsoftware/Dnn.Platform

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/dnnsoftware/Dnn.Platform

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-32372

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-32372

reference_url

https://github.com/dnnsoftware/Dnn.Platform/commit/4721dd9eef846936d3b1a3676499e46968d15feb

reference_id

4721dd9eef846936d3b1a3676499e46968d15feb

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-09T15:39:52Z/

url

https://github.com/dnnsoftware/Dnn.Platform/commit/4721dd9eef846936d3b1a3676499e46968d15feb

reference_url	https://github.com/advisories/GHSA-3f7v-qx94-666m
reference_id	GHSA-3f7v-qx94-666m
reference_type
scores
url	https://github.com/advisories/GHSA-3f7v-qx94-666m

reference_url

https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-3f7v-qx94-666m

reference_id

GHSA-3f7v-qx94-666m

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-09T15:39:52Z/

url

https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-3f7v-qx94-666m

fixed_packages

url pkg:nuget/DotNetNuke.Core@9.13.8

purl pkg:nuget/DotNetNuke.Core@9.13.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d1y-21mg-9kdx

vulnerability	VCID-4wd1-t7cm-9yd2

vulnerability	VCID-6227-44sm-nkbb

vulnerability	VCID-as6z-jr8m-6kbm

vulnerability	VCID-axxm-bb71-33dj

vulnerability	VCID-c87b-2p6c-xqh8

vulnerability	VCID-epah-7729-rqba

vulnerability	VCID-f55k-m678-vbfr

vulnerability	VCID-fyxq-vtfm-s3ec

vulnerability	VCID-k89y-aedv-uugd

vulnerability	VCID-kwns-m3j3-8kb7

vulnerability	VCID-q7dx-jb8e-wua4

vulnerability	VCID-smd5-xy65-jufc

vulnerability	VCID-trdq-rcjg-s7gy

vulnerability	VCID-wau9-knn5-vqbp

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.13.8

aliases CVE-2025-32372, GHSA-3f7v-qx94-666m

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-q3he-ta5n-hkec

url VCID-q7dx-jb8e-wua4

vulnerability_id VCID-q7dx-jb8e-wua4

summary

DotNetNuke.Core security code analysis rules triggered
The codebase raises code analysis warnings related to security, including CA3075, CA5366, CA5371, CA5368, CA5369, CA5372, CA5379, CA5350, and CA5351.

Most of these deal with disabling DTD processing in XML documents, but also includes cryptographic algorithm choices.

references

reference_url

https://github.com/dnnsoftware/Dnn.Platform

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/dnnsoftware/Dnn.Platform

reference_url

https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-fcpv-w245-r2q7

reference_id

reference_type

scores

value	LOW
scoring_system	cvssv3.1_qr
scoring_elements

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-fcpv-w245-r2q7

reference_url

https://github.com/advisories/GHSA-fcpv-w245-r2q7

reference_id

GHSA-fcpv-w245-r2q7

reference_type

scores

value	LOW
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-fcpv-w245-r2q7

fixed_packages

url	pkg:nuget/DotNetNuke.Core@10.2.2
purl	pkg:nuget/DotNetNuke.Core@10.2.2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@10.2.2

aliases GHSA-fcpv-w245-r2q7

risk_score 1.4

exploitability 0.5

weighted_severity 2.7

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-q7dx-jb8e-wua4

url VCID-smd5-xy65-jufc

vulnerability_id VCID-smd5-xy65-jufc

summary DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to 10.1.1, sanitization of the content of uploaded SVG files was not covering all possible XSS scenarios. This vulnerability exists because of an incomplete fix for CVE-2025-48378. This vulnerability is fixed in 10.1.1.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-64094

reference_id

reference_type

scores

value	0.00025
scoring_system	epss
scoring_elements	0.07566
published_at	2026-06-13T12:55:00Z

value	0.00025
scoring_system	epss
scoring_elements	0.07571
published_at	2026-06-12T12:55:00Z

value	0.00025
scoring_system	epss
scoring_elements	0.07536
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-64094

reference_url

https://github.com/dnnsoftware/Dnn.Platform

reference_id

reference_type

scores

value	6.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/dnnsoftware/Dnn.Platform

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-64094

reference_id

CVE-2025-64094

reference_type

scores

value	6.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-64094

reference_url

https://github.com/advisories/GHSA-hmvq-8p83-cq52

reference_id

GHSA-hmvq-8p83-cq52

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-hmvq-8p83-cq52

reference_url

https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-hmvq-8p83-cq52

reference_id

GHSA-hmvq-8p83-cq52

reference_type

scores

value	6.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-29T14:51:54Z/

url

https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-hmvq-8p83-cq52

fixed_packages

url pkg:nuget/DotNetNuke.Core@10.1.1

purl pkg:nuget/DotNetNuke.Core@10.1.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6227-44sm-nkbb

vulnerability	VCID-axxm-bb71-33dj

vulnerability	VCID-fyxq-vtfm-s3ec

vulnerability	VCID-k89y-aedv-uugd

vulnerability	VCID-kwns-m3j3-8kb7

vulnerability	VCID-q7dx-jb8e-wua4

vulnerability	VCID-wau9-knn5-vqbp

vulnerability	VCID-z9tg-26ja-c7hw

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@10.1.1

aliases CVE-2025-64094, GHSA-hmvq-8p83-cq52

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-smd5-xy65-jufc

url VCID-tc3h-gp3h-euf9

vulnerability_id VCID-tc3h-gp3h-euf9

summary

references

reference_url

http://packetstormsecurity.com/files/156484/DotNetNuke-CMS-9.5.0-File-Extension-Check-Bypass.html

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://packetstormsecurity.com/files/156484/DotNetNuke-CMS-9.5.0-File-Extension-Check-Bypass.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-5188

reference_id

reference_type

scores

value	0.00254
scoring_system	epss
scoring_elements	0.48981
published_at	2026-06-11T12:55:00Z

value	0.00254
scoring_system	epss
scoring_elements	0.49117
published_at	2026-06-12T12:55:00Z

value	0.00254
scoring_system	epss
scoring_elements	0.49135
published_at	2026-06-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-5188

reference_url

https://github.com/dnnsoftware/Dnn.Platform

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/dnnsoftware/Dnn.Platform

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-5188

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-5188

reference_url

https://github.com/advisories/GHSA-vjcm-j85r-7p68

reference_id

GHSA-vjcm-j85r-7p68

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-vjcm-j85r-7p68

fixed_packages

url pkg:nuget/DotNetNuke.Core@9.5.0

purl pkg:nuget/DotNetNuke.Core@9.5.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d1y-21mg-9kdx

vulnerability	VCID-4wd1-t7cm-9yd2

vulnerability	VCID-6227-44sm-nkbb

vulnerability	VCID-76dr-n4fx-nud6

vulnerability	VCID-as6z-jr8m-6kbm

vulnerability	VCID-axxm-bb71-33dj

vulnerability	VCID-c87b-2p6c-xqh8

vulnerability	VCID-eaz6-q3m7-4bep

vulnerability	VCID-epah-7729-rqba

vulnerability	VCID-f55k-m678-vbfr

vulnerability	VCID-fyxq-vtfm-s3ec

vulnerability	VCID-gkac-w1q4-wfgw

vulnerability	VCID-k89y-aedv-uugd

vulnerability	VCID-kwns-m3j3-8kb7

vulnerability	VCID-q3he-ta5n-hkec

vulnerability	VCID-q7dx-jb8e-wua4

vulnerability	VCID-qcc1-r81m-7ud6

vulnerability	VCID-smd5-xy65-jufc

vulnerability	VCID-tfyx-ssz9-1qah

vulnerability	VCID-trdq-rcjg-s7gy

vulnerability	VCID-wau9-knn5-vqbp

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.5.0

url pkg:nuget/DotNetNuke.Core@9.13.0-ci0000

purl pkg:nuget/DotNetNuke.Core@9.13.0-ci0000

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d1y-21mg-9kdx

vulnerability	VCID-4wd1-t7cm-9yd2

vulnerability	VCID-6227-44sm-nkbb

vulnerability	VCID-as6z-jr8m-6kbm

vulnerability	VCID-axxm-bb71-33dj

vulnerability	VCID-c87b-2p6c-xqh8

vulnerability	VCID-epah-7729-rqba

vulnerability	VCID-f55k-m678-vbfr

vulnerability	VCID-fyxq-vtfm-s3ec

vulnerability	VCID-k89y-aedv-uugd

vulnerability	VCID-kwns-m3j3-8kb7

vulnerability	VCID-q3he-ta5n-hkec

vulnerability	VCID-q7dx-jb8e-wua4

vulnerability	VCID-smd5-xy65-jufc

vulnerability	VCID-trdq-rcjg-s7gy

vulnerability	VCID-wau9-knn5-vqbp

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.13.0-ci0000

aliases CVE-2020-5188, GHSA-vjcm-j85r-7p68

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tc3h-gp3h-euf9

url VCID-tfyx-ssz9-1qah

vulnerability_id VCID-tfyx-ssz9-1qah

summary

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-31858

reference_id

reference_type

scores

value	0.00234
scoring_system	epss
scoring_elements	0.46512
published_at	2026-06-11T12:55:00Z

value	0.00234
scoring_system	epss
scoring_elements	0.46657
published_at	2026-06-12T12:55:00Z

value	0.00234
scoring_system	epss
scoring_elements	0.46667
published_at	2026-06-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-31858

reference_url	https://labs.integrity.pt/advisories/cve-2021-31858/
reference_id	CVE-2021-31858
reference_type
scores
url	https://labs.integrity.pt/advisories/cve-2021-31858/

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2021-31858
reference_id	CVE-2021-31858
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2021-31858

fixed_packages

url pkg:nuget/DotNetNuke.Core@9.13.0-ci0000

purl pkg:nuget/DotNetNuke.Core@9.13.0-ci0000

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d1y-21mg-9kdx

vulnerability	VCID-4wd1-t7cm-9yd2

vulnerability	VCID-6227-44sm-nkbb

vulnerability	VCID-as6z-jr8m-6kbm

vulnerability	VCID-axxm-bb71-33dj

vulnerability	VCID-c87b-2p6c-xqh8

vulnerability	VCID-epah-7729-rqba

vulnerability	VCID-f55k-m678-vbfr

vulnerability	VCID-fyxq-vtfm-s3ec

vulnerability	VCID-k89y-aedv-uugd

vulnerability	VCID-kwns-m3j3-8kb7

vulnerability	VCID-q3he-ta5n-hkec

vulnerability	VCID-q7dx-jb8e-wua4

vulnerability	VCID-smd5-xy65-jufc

vulnerability	VCID-trdq-rcjg-s7gy

vulnerability	VCID-wau9-knn5-vqbp

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.13.0-ci0000

aliases CVE-2021-31858

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tfyx-ssz9-1qah

url VCID-trdq-rcjg-s7gy

vulnerability_id VCID-trdq-rcjg-s7gy

summary DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.1.0, arbitrary themes can be loaded through query parameters. If an installed theme had a vulnerability, even if it was not used on any page, this could be loaded on unsuspecting clients without knowledge of the site owner. This issue has been patched in version 10.1.0.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-59535

reference_id

reference_type

scores

value	0.00126
scoring_system	epss
scoring_elements	0.31369
published_at	2026-06-11T12:55:00Z

value	0.00126
scoring_system	epss
scoring_elements	0.31579
published_at	2026-06-13T12:55:00Z

value	0.00126
scoring_system	epss
scoring_elements	0.31561
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-59535

reference_url

https://dnncommunity.org/?SkinSrc=%5BG%5Dskins%2Fxcillion%2Fhome&ContainerSrc=%5BG%5DContainers%2FXcillion%2FNoTitle

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://dnncommunity.org/?SkinSrc=%5BG%5Dskins%2Fxcillion%2Fhome&ContainerSrc=%5BG%5DContainers%2FXcillion%2FNoTitle

reference_url

https://github.com/dnnsoftware/Dnn.Platform

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/dnnsoftware/Dnn.Platform

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-59535

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-59535

reference_url

https://github.com/dnnsoftware/Dnn.Platform/commit/72f30f69fd2214d77f6c2577dfcca495a24caf5c

reference_id

72f30f69fd2214d77f6c2577dfcca495a24caf5c

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-23T20:08:12Z/

url

https://github.com/dnnsoftware/Dnn.Platform/commit/72f30f69fd2214d77f6c2577dfcca495a24caf5c

reference_url	https://github.com/advisories/GHSA-wq2j-w9pm-7x2p
reference_id	GHSA-wq2j-w9pm-7x2p
reference_type
scores
url	https://github.com/advisories/GHSA-wq2j-w9pm-7x2p

reference_url

https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-wq2j-w9pm-7x2p

reference_id

GHSA-wq2j-w9pm-7x2p

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-23T20:08:12Z/

url

https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-wq2j-w9pm-7x2p

reference_url

https://github.com/dnnsoftware/Dnn.Platform/blob/develop/DNN%20Platform/Library/UI/Skins/Skin.cs#L305

reference_id

Skin.cs#L305

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-23T20:08:12Z/

url

https://github.com/dnnsoftware/Dnn.Platform/blob/develop/DNN%20Platform/Library/UI/Skins/Skin.cs#L305

fixed_packages

url pkg:nuget/DotNetNuke.Core@10.1.0

purl pkg:nuget/DotNetNuke.Core@10.1.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6227-44sm-nkbb

vulnerability	VCID-axxm-bb71-33dj

vulnerability	VCID-fyxq-vtfm-s3ec

vulnerability	VCID-k89y-aedv-uugd

vulnerability	VCID-kwns-m3j3-8kb7

vulnerability	VCID-q7dx-jb8e-wua4

vulnerability	VCID-smd5-xy65-jufc

vulnerability	VCID-wau9-knn5-vqbp

vulnerability	VCID-z9tg-26ja-c7hw

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@10.1.0

aliases CVE-2025-59535, GHSA-wq2j-w9pm-7x2p

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-trdq-rcjg-s7gy

url VCID-w7dd-uzf2-d7au

vulnerability_id VCID-w7dd-uzf2-d7au

summary

references

reference_url

http://packetstormsecurity.com/files/156489/DotNetNuke-CMS-9.4.4-Zip-Directory-Traversal.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://packetstormsecurity.com/files/156489/DotNetNuke-CMS-9.4.4-Zip-Directory-Traversal.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-5187

reference_id

reference_type

scores

value	0.00709
scoring_system	epss
scoring_elements	0.72682
published_at	2026-06-11T12:55:00Z

value	0.00709
scoring_system	epss
scoring_elements	0.72758
published_at	2026-06-12T12:55:00Z

value	0.00709
scoring_system	epss
scoring_elements	0.72774
published_at	2026-06-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-5187

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-5187

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-5187

reference_url

https://github.com/advisories/GHSA-4qf5-7xc2-wqpg

reference_id

GHSA-4qf5-7xc2-wqpg

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-4qf5-7xc2-wqpg

fixed_packages

url pkg:nuget/DotNetNuke.Core@9.5.0

purl pkg:nuget/DotNetNuke.Core@9.5.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d1y-21mg-9kdx

vulnerability	VCID-4wd1-t7cm-9yd2

vulnerability	VCID-6227-44sm-nkbb

vulnerability	VCID-76dr-n4fx-nud6

vulnerability	VCID-as6z-jr8m-6kbm

vulnerability	VCID-axxm-bb71-33dj

vulnerability	VCID-c87b-2p6c-xqh8

vulnerability	VCID-eaz6-q3m7-4bep

vulnerability	VCID-epah-7729-rqba

vulnerability	VCID-f55k-m678-vbfr

vulnerability	VCID-fyxq-vtfm-s3ec

vulnerability	VCID-gkac-w1q4-wfgw

vulnerability	VCID-k89y-aedv-uugd

vulnerability	VCID-kwns-m3j3-8kb7

vulnerability	VCID-q3he-ta5n-hkec

vulnerability	VCID-q7dx-jb8e-wua4

vulnerability	VCID-qcc1-r81m-7ud6

vulnerability	VCID-smd5-xy65-jufc

vulnerability	VCID-tfyx-ssz9-1qah

vulnerability	VCID-trdq-rcjg-s7gy

vulnerability	VCID-wau9-knn5-vqbp

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.5.0

url pkg:nuget/DotNetNuke.Core@9.13.0-ci0000

purl pkg:nuget/DotNetNuke.Core@9.13.0-ci0000

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d1y-21mg-9kdx

vulnerability	VCID-4wd1-t7cm-9yd2

vulnerability	VCID-6227-44sm-nkbb

vulnerability	VCID-as6z-jr8m-6kbm

vulnerability	VCID-axxm-bb71-33dj

vulnerability	VCID-c87b-2p6c-xqh8

vulnerability	VCID-epah-7729-rqba

vulnerability	VCID-f55k-m678-vbfr

vulnerability	VCID-fyxq-vtfm-s3ec

vulnerability	VCID-k89y-aedv-uugd

vulnerability	VCID-kwns-m3j3-8kb7

vulnerability	VCID-q3he-ta5n-hkec

vulnerability	VCID-q7dx-jb8e-wua4

vulnerability	VCID-smd5-xy65-jufc

vulnerability	VCID-trdq-rcjg-s7gy

vulnerability	VCID-wau9-knn5-vqbp

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.13.0-ci0000

aliases CVE-2020-5187, GHSA-4qf5-7xc2-wqpg

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w7dd-uzf2-d7au

url VCID-wau9-knn5-vqbp

vulnerability_id VCID-wau9-knn5-vqbp

summary DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Starting in version 9.0.0 and prior to versions 9.13.10 and 10.2.0, a content editor could inject scripts in module headers/footers that would run for other users. Versions 9.13.10 and 10.2.0 contain a fix for the issue.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-24784

reference_id

reference_type

scores

value	0.00054
scoring_system	epss
scoring_elements	0.1736
published_at	2026-06-13T12:55:00Z

value	0.00054
scoring_system	epss
scoring_elements	0.17344
published_at	2026-06-12T12:55:00Z

value	0.00054
scoring_system	epss
scoring_elements	0.1718
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-24784

reference_url

https://github.com/dnnsoftware/Dnn.Platform

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/dnnsoftware/Dnn.Platform

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-24784

reference_id

CVE-2026-24784

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-24784

reference_url

https://github.com/advisories/GHSA-jjwg-4948-6wxp

reference_id

GHSA-jjwg-4948-6wxp

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-jjwg-4948-6wxp

reference_url

https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-jjwg-4948-6wxp

reference_id

GHSA-jjwg-4948-6wxp

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-28T15:06:32Z/

url

https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-jjwg-4948-6wxp

fixed_packages

url	pkg:nuget/DotNetNuke.Core@9.13.10
purl	pkg:nuget/DotNetNuke.Core@9.13.10
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.13.10

url pkg:nuget/DotNetNuke.Core@10.2.0

purl pkg:nuget/DotNetNuke.Core@10.2.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-axxm-bb71-33dj

vulnerability	VCID-kwns-m3j3-8kb7

vulnerability	VCID-q7dx-jb8e-wua4

vulnerability	VCID-z9tg-26ja-c7hw

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@10.2.0

aliases CVE-2026-24784, GHSA-jjwg-4948-6wxp

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wau9-knn5-vqbp

url VCID-z31q-4wvb-gfhp

vulnerability_id VCID-z31q-4wvb-gfhp

summary Stored Cross-Site Scripting vulnerability in admin component of DotNetNuke

references

reference_url

http://packetstormsecurity.com/files/154673/DotNetNuke-Cross-Site-Scripting.html

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://packetstormsecurity.com/files/154673/DotNetNuke-Cross-Site-Scripting.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-12562

reference_id

reference_type

scores

value	0.38668
scoring_system	epss
scoring_elements	0.9735
published_at	2026-06-11T12:55:00Z

value	0.38668
scoring_system	epss
scoring_elements	0.9736
published_at	2026-06-13T12:55:00Z

value	0.38668
scoring_system	epss
scoring_elements	0.97358
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-12562

reference_url

https://mayaseven.com/cve-2019-12562-stored-cross-site-scripting-in-dotnetnuke-dnn-version-v9-3-2

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://mayaseven.com/cve-2019-12562-stored-cross-site-scripting-in-dotnetnuke-dnn-version-v9-3-2

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/47448.py
reference_id	CVE-2019-12562
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/47448.py

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-12562

reference_id

CVE-2019-12562

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-12562

reference_url	https://mayaseven.com/cve-2019-12562-stored-cross-site-scripting-in-dotnetnuke-dnn-version-v9-3-2/
reference_id	CVE-2019-12562-STORED-CROSS-SITE-SCRIPTING-IN-DOTNETNUKE-DNN-VERSION-V9-3-2
reference_type
scores
url	https://mayaseven.com/cve-2019-12562-stored-cross-site-scripting-in-dotnetnuke-dnn-version-v9-3-2/

reference_url

https://github.com/advisories/GHSA-5whq-j5qg-wjvp

reference_id

GHSA-5whq-j5qg-wjvp

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-5whq-j5qg-wjvp

fixed_packages

url pkg:nuget/DotNetNuke.Core@9.4.0

purl pkg:nuget/DotNetNuke.Core@9.4.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d1y-21mg-9kdx

vulnerability	VCID-4wd1-t7cm-9yd2

vulnerability	VCID-6227-44sm-nkbb

vulnerability	VCID-76dr-n4fx-nud6

vulnerability	VCID-as6z-jr8m-6kbm

vulnerability	VCID-axxm-bb71-33dj

vulnerability	VCID-c87b-2p6c-xqh8

vulnerability	VCID-eaz6-q3m7-4bep

vulnerability	VCID-epah-7729-rqba

vulnerability	VCID-f55k-m678-vbfr

vulnerability	VCID-fyxq-vtfm-s3ec

vulnerability	VCID-gkac-w1q4-wfgw

vulnerability	VCID-hdzp-q5cp-uuf5

vulnerability	VCID-k89y-aedv-uugd

vulnerability	VCID-kwns-m3j3-8kb7

vulnerability	VCID-q3he-ta5n-hkec

vulnerability	VCID-q7dx-jb8e-wua4

vulnerability	VCID-smd5-xy65-jufc

vulnerability	VCID-tc3h-gp3h-euf9

vulnerability	VCID-tfyx-ssz9-1qah

vulnerability	VCID-trdq-rcjg-s7gy

vulnerability	VCID-w7dd-uzf2-d7au

vulnerability	VCID-wau9-knn5-vqbp

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.4.0

aliases CVE-2019-12562, GHSA-5whq-j5qg-wjvp

risk_score 10.0

exploitability 2.0

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-z31q-4wvb-gfhp

Fixing_vulnerabilities

url VCID-5kvr-gpby-wygq

vulnerability_id VCID-5kvr-gpby-wygq

summary DNN (aka DotNetNuke) 9.2 through 9.2.1 uses a weak encryption algorithm to protect input parameters.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-15811

reference_id

reference_type

scores

value	0.92962
scoring_system	epss
scoring_elements	0.99786
published_at	2026-06-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-15811

reference_url

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-15811

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-15811

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-15811

reference_id

CVE-2018-15811

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-15811

reference_url

http://packetstormsecurity.com/files/157080/DotNetNuke-Cookie-Deserialization-Remote-Code-Execution.html

reference_id

DotNetNuke-Cookie-Deserialization-Remote-Code-Execution.html

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-04T20:15:46Z/

url

http://packetstormsecurity.com/files/157080/DotNetNuke-Cookie-Deserialization-Remote-Code-Execution.html

reference_url

https://github.com/advisories/GHSA-h595-8pw6-5q6v

reference_id

GHSA-h595-8pw6-5q6v

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-h595-8pw6-5q6v

reference_url

https://github.com/dnnsoftware/Dnn.Platform/releases

reference_id

releases

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-04T20:15:46Z/

url

https://github.com/dnnsoftware/Dnn.Platform/releases

reference_url

https://www.dnnsoftware.com/community/security/security-center

reference_id

security-center

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-04T20:15:46Z/

url

https://www.dnnsoftware.com/community/security/security-center

fixed_packages

url pkg:nuget/DotNetNuke.Core@9.2.2

purl pkg:nuget/DotNetNuke.Core@9.2.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-w8mm-p8mb-sqbg

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.2.2

url pkg:nuget/DotNetNuke.Core@9.3.0

purl pkg:nuget/DotNetNuke.Core@9.3.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d1y-21mg-9kdx

vulnerability	VCID-4wd1-t7cm-9yd2

vulnerability	VCID-6227-44sm-nkbb

vulnerability	VCID-76dr-n4fx-nud6

vulnerability	VCID-as6z-jr8m-6kbm

vulnerability	VCID-axxm-bb71-33dj

vulnerability	VCID-c87b-2p6c-xqh8

vulnerability	VCID-eaz6-q3m7-4bep

vulnerability	VCID-epah-7729-rqba

vulnerability	VCID-f55k-m678-vbfr

vulnerability	VCID-fyxq-vtfm-s3ec

vulnerability	VCID-gkac-w1q4-wfgw

vulnerability	VCID-hdzp-q5cp-uuf5

vulnerability	VCID-k89y-aedv-uugd

vulnerability	VCID-kwns-m3j3-8kb7

vulnerability	VCID-q3he-ta5n-hkec

vulnerability	VCID-q7dx-jb8e-wua4

vulnerability	VCID-smd5-xy65-jufc

vulnerability	VCID-tc3h-gp3h-euf9

vulnerability	VCID-tfyx-ssz9-1qah

vulnerability	VCID-trdq-rcjg-s7gy

vulnerability	VCID-w7dd-uzf2-d7au

vulnerability	VCID-wau9-knn5-vqbp

vulnerability	VCID-z31q-4wvb-gfhp

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.3.0

aliases CVE-2018-15811, GHSA-h595-8pw6-5q6v

risk_score 10.0

exploitability 2.0

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5kvr-gpby-wygq

url VCID-g68k-ds4r-77b1

vulnerability_id VCID-g68k-ds4r-77b1

summary Insufficient Entropy in DotNetNuke

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-15812

reference_id

reference_type

scores

value	0.79178
scoring_system	epss
scoring_elements	0.9909
published_at	2026-06-11T12:55:00Z

value	0.79178
scoring_system	epss
scoring_elements	0.99095
published_at	2026-06-13T12:55:00Z

value	0.79178
scoring_system	epss
scoring_elements	0.99094
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-15812

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-15812

reference_id

CVE-2018-15812

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-15812

reference_url

https://github.com/advisories/GHSA-pf46-gqg9-j3v3

reference_id

GHSA-pf46-gqg9-j3v3

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-pf46-gqg9-j3v3

fixed_packages

url pkg:nuget/DotNetNuke.Core@9.2.1.533

purl pkg:nuget/DotNetNuke.Core@9.2.1.533

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d1y-21mg-9kdx

vulnerability	VCID-4wd1-t7cm-9yd2

vulnerability	VCID-5kvr-gpby-wygq

vulnerability	VCID-6227-44sm-nkbb

vulnerability	VCID-76dr-n4fx-nud6

vulnerability	VCID-as6z-jr8m-6kbm

vulnerability	VCID-axxm-bb71-33dj

vulnerability	VCID-c87b-2p6c-xqh8

vulnerability	VCID-eaz6-q3m7-4bep

vulnerability	VCID-epah-7729-rqba

vulnerability	VCID-f55k-m678-vbfr

vulnerability	VCID-fyxq-vtfm-s3ec

vulnerability	VCID-gkac-w1q4-wfgw

vulnerability	VCID-hdzp-q5cp-uuf5

vulnerability	VCID-k89y-aedv-uugd

vulnerability	VCID-kwns-m3j3-8kb7

vulnerability	VCID-q3he-ta5n-hkec

vulnerability	VCID-q7dx-jb8e-wua4

vulnerability	VCID-smd5-xy65-jufc

vulnerability	VCID-tc3h-gp3h-euf9

vulnerability	VCID-tfyx-ssz9-1qah

vulnerability	VCID-trdq-rcjg-s7gy

vulnerability	VCID-w7dd-uzf2-d7au

vulnerability	VCID-w8mm-p8mb-sqbg

vulnerability	VCID-wau9-knn5-vqbp

vulnerability	VCID-xmh6-rwbu-c3bb

vulnerability	VCID-z31q-4wvb-gfhp

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.2.1.533

url pkg:nuget/DotNetNuke.Core@9.2.2

purl pkg:nuget/DotNetNuke.Core@9.2.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-w8mm-p8mb-sqbg

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.2.2

url pkg:nuget/DotNetNuke.Core@9.3.0

purl pkg:nuget/DotNetNuke.Core@9.3.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d1y-21mg-9kdx

vulnerability	VCID-4wd1-t7cm-9yd2

vulnerability	VCID-6227-44sm-nkbb

vulnerability	VCID-76dr-n4fx-nud6

vulnerability	VCID-as6z-jr8m-6kbm

vulnerability	VCID-axxm-bb71-33dj

vulnerability	VCID-c87b-2p6c-xqh8

vulnerability	VCID-eaz6-q3m7-4bep

vulnerability	VCID-epah-7729-rqba

vulnerability	VCID-f55k-m678-vbfr

vulnerability	VCID-fyxq-vtfm-s3ec

vulnerability	VCID-gkac-w1q4-wfgw

vulnerability	VCID-hdzp-q5cp-uuf5

vulnerability	VCID-k89y-aedv-uugd

vulnerability	VCID-kwns-m3j3-8kb7

vulnerability	VCID-q3he-ta5n-hkec

vulnerability	VCID-q7dx-jb8e-wua4

vulnerability	VCID-smd5-xy65-jufc

vulnerability	VCID-tc3h-gp3h-euf9

vulnerability	VCID-tfyx-ssz9-1qah

vulnerability	VCID-trdq-rcjg-s7gy

vulnerability	VCID-w7dd-uzf2-d7au

vulnerability	VCID-wau9-knn5-vqbp

vulnerability	VCID-z31q-4wvb-gfhp

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.3.0

aliases CVE-2018-15812, GHSA-pf46-gqg9-j3v3

risk_score 10.0

exploitability 2.0

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-g68k-ds4r-77b1

url VCID-w8mm-p8mb-sqbg

vulnerability_id VCID-w8mm-p8mb-sqbg

summary Insufficient Entropy in DotNetNuke

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-18326

reference_id

reference_type

scores

value	0.75829
scoring_system	epss
scoring_elements	0.9893
published_at	2026-06-11T12:55:00Z

value	0.75829
scoring_system	epss
scoring_elements	0.98935
published_at	2026-06-13T12:55:00Z

value	0.75829
scoring_system	epss
scoring_elements	0.98934
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-18326

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-18326

reference_id

CVE-2018-18326

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-18326

reference_url

https://github.com/advisories/GHSA-xx3h-j3cx-8qfj

reference_id

GHSA-xx3h-j3cx-8qfj

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-xx3h-j3cx-8qfj

fixed_packages

url pkg:nuget/DotNetNuke.Core@9.3.0

purl pkg:nuget/DotNetNuke.Core@9.3.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d1y-21mg-9kdx

vulnerability	VCID-4wd1-t7cm-9yd2

vulnerability	VCID-6227-44sm-nkbb

vulnerability	VCID-76dr-n4fx-nud6

vulnerability	VCID-as6z-jr8m-6kbm

vulnerability	VCID-axxm-bb71-33dj

vulnerability	VCID-c87b-2p6c-xqh8

vulnerability	VCID-eaz6-q3m7-4bep

vulnerability	VCID-epah-7729-rqba

vulnerability	VCID-f55k-m678-vbfr

vulnerability	VCID-fyxq-vtfm-s3ec

vulnerability	VCID-gkac-w1q4-wfgw

vulnerability	VCID-hdzp-q5cp-uuf5

vulnerability	VCID-k89y-aedv-uugd

vulnerability	VCID-kwns-m3j3-8kb7

vulnerability	VCID-q3he-ta5n-hkec

vulnerability	VCID-q7dx-jb8e-wua4

vulnerability	VCID-smd5-xy65-jufc

vulnerability	VCID-tc3h-gp3h-euf9

vulnerability	VCID-tfyx-ssz9-1qah

vulnerability	VCID-trdq-rcjg-s7gy

vulnerability	VCID-w7dd-uzf2-d7au

vulnerability	VCID-wau9-knn5-vqbp

vulnerability	VCID-z31q-4wvb-gfhp

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.3.0

aliases CVE-2018-18326, GHSA-xx3h-j3cx-8qfj

risk_score 10.0

exploitability 2.0

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w8mm-p8mb-sqbg

url VCID-xmh6-rwbu-c3bb

vulnerability_id VCID-xmh6-rwbu-c3bb

summary DNN (aka DotNetNuke) 9.2 through 9.2.2 uses a weak encryption algorithm to protect input parameters. NOTE: this issue exists because of an incomplete fix for CVE-2018-15811.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-18325

reference_id

reference_type

scores

value	0.92916
scoring_system	epss
scoring_elements	0.99783
published_at	2026-06-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-18325

reference_url

https://github.com/dnnsoftware/Dnn.Platform

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/dnnsoftware/Dnn.Platform

reference_url

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-18325

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-18325

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-18325

reference_id

CVE-2018-18325

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-18325

reference_url

http://packetstormsecurity.com/files/157080/DotNetNuke-Cookie-Deserialization-Remote-Code-Execution.html

reference_id

DotNetNuke-Cookie-Deserialization-Remote-Code-Execution.html

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-04T20:15:01Z/

url

http://packetstormsecurity.com/files/157080/DotNetNuke-Cookie-Deserialization-Remote-Code-Execution.html

reference_url

https://github.com/advisories/GHSA-j3g9-6fx5-gjv7

reference_id

GHSA-j3g9-6fx5-gjv7

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-j3g9-6fx5-gjv7

reference_url

https://github.com/dnnsoftware/Dnn.Platform/releases

reference_id

releases

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-04T20:15:01Z/

url

https://github.com/dnnsoftware/Dnn.Platform/releases

reference_url

https://www.dnnsoftware.com/community/security/security-center

reference_id

security-center

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-04T20:15:01Z/

url

https://www.dnnsoftware.com/community/security/security-center

fixed_packages

url pkg:nuget/DotNetNuke.Core@9.3.0

purl pkg:nuget/DotNetNuke.Core@9.3.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d1y-21mg-9kdx

vulnerability	VCID-4wd1-t7cm-9yd2

vulnerability	VCID-6227-44sm-nkbb

vulnerability	VCID-76dr-n4fx-nud6

vulnerability	VCID-as6z-jr8m-6kbm

vulnerability	VCID-axxm-bb71-33dj

vulnerability	VCID-c87b-2p6c-xqh8

vulnerability	VCID-eaz6-q3m7-4bep

vulnerability	VCID-epah-7729-rqba

vulnerability	VCID-f55k-m678-vbfr

vulnerability	VCID-fyxq-vtfm-s3ec

vulnerability	VCID-gkac-w1q4-wfgw

vulnerability	VCID-hdzp-q5cp-uuf5

vulnerability	VCID-k89y-aedv-uugd

vulnerability	VCID-kwns-m3j3-8kb7

vulnerability	VCID-q3he-ta5n-hkec

vulnerability	VCID-q7dx-jb8e-wua4

vulnerability	VCID-smd5-xy65-jufc

vulnerability	VCID-tc3h-gp3h-euf9

vulnerability	VCID-tfyx-ssz9-1qah

vulnerability	VCID-trdq-rcjg-s7gy

vulnerability	VCID-w7dd-uzf2-d7au

vulnerability	VCID-wau9-knn5-vqbp

vulnerability	VCID-z31q-4wvb-gfhp

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.3.0

aliases CVE-2018-18325, GHSA-j3g9-6fx5-gjv7

risk_score 10.0

exploitability 2.0

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xmh6-rwbu-c3bb

Risk_score 10.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.3.0

Package Instance