{"url":"http://public2.vulnerablecode.io/api/packages/387802?format=json","purl":"pkg:nuget/DotNetNuke.Core@6.0.0","type":"nuget","namespace":"","name":"DotNetNuke.Core","version":"6.0.0","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"10.2.2","latest_non_vulnerable_version":"10.2.2","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/101125?format=json","vulnerability_id":"VCID-2d1y-21mg-9kdx","summary":"DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.1.0, administrators and content editors can set html in module titles that could include javascript which could be used for XSS based attacks. This issue has been patched in version 10.1.0.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-59546","reference_id":"","reference_type":"","scores":[{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11824","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11765","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11848","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11849","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-59546"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform","reference_id":"","reference_type":"","scores":[{"value":"2.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dnnsoftware/Dnn.Platform"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-59546","reference_id":"","reference_type":"","scores":[{"value":"2.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-59546"},{"reference_url":"https://github.com/advisories/GHSA-gj8m-5492-q98h","reference_id":"GHSA-gj8m-5492-q98h","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-gj8m-5492-q98h"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-gj8m-5492-q98h","reference_id":"GHSA-gj8m-5492-q98h","reference_type":"","scores":[{"value":"2.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-23T18:30:03Z/"}],"url":"https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-gj8m-5492-q98h"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/376615?format=json","purl":"pkg:nuget/DotNetNuke.Core@10.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6227-44sm-nkbb"},{"vulnerability":"VCID-axxm-bb71-33dj"},{"vulnerability":"VCID-fyxq-vtfm-s3ec"},{"vulnerability":"VCID-k89y-aedv-uugd"},{"vulnerability":"VCID-kwns-m3j3-8kb7"},{"vulnerability":"VCID-q7dx-jb8e-wua4"},{"vulnerability":"VCID-smd5-xy65-jufc"},{"vulnerability":"VCID-wau9-knn5-vqbp"},{"vulnerability":"VCID-z9tg-26ja-c7hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@10.1.0"}],"aliases":["CVE-2025-59546","GHSA-gj8m-5492-q98h"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2d1y-21mg-9kdx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/270210?format=json","vulnerability_id":"VCID-2wya-nj46-dff2","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-7335","reference_id":"","reference_type":"","scores":[{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.5113","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.51261","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.51275","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.51263","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-7335"},{"reference_url":"http://secunia.com/advisories/53493","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/53493"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform","reference_id":"","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dnnsoftware/Dnn.Platform"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-7335","reference_id":"","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-7335"},{"reference_url":"http://www.dnnsoftware.com/platform/manage/security-center","reference_id":"","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.dnnsoftware.com/platform/manage/security-center"},{"reference_url":"http://www.securityfocus.com/bid/61809","reference_id":"","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/61809"},{"reference_url":"https://github.com/advisories/GHSA-mj48-f959-pqph","reference_id":"GHSA-mj48-f959-pqph","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mj48-f959-pqph"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/384695?format=json","purl":"pkg:nuget/DotNetNuke.Core@6.2.9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@6.2.9"},{"url":"http://public2.vulnerablecode.io/api/packages/384696?format=json","purl":"pkg:nuget/DotNetNuke.Core@7.1.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@7.1.1"},{"url":"http://public2.vulnerablecode.io/api/packages/388108?format=json","purl":"pkg:nuget/DotNetNuke.Core@7.2.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@7.2.0"},{"url":"http://public2.vulnerablecode.io/api/packages/400849?format=json","purl":"pkg:nuget/DotNetNuke.Core@9.13.0-ci0000","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2d1y-21mg-9kdx"},{"vulnerability":"VCID-4wd1-t7cm-9yd2"},{"vulnerability":"VCID-6227-44sm-nkbb"},{"vulnerability":"VCID-as6z-jr8m-6kbm"},{"vulnerability":"VCID-axxm-bb71-33dj"},{"vulnerability":"VCID-c87b-2p6c-xqh8"},{"vulnerability":"VCID-epah-7729-rqba"},{"vulnerability":"VCID-f55k-m678-vbfr"},{"vulnerability":"VCID-fyxq-vtfm-s3ec"},{"vulnerability":"VCID-k89y-aedv-uugd"},{"vulnerability":"VCID-kwns-m3j3-8kb7"},{"vulnerability":"VCID-q3he-ta5n-hkec"},{"vulnerability":"VCID-q7dx-jb8e-wua4"},{"vulnerability":"VCID-smd5-xy65-jufc"},{"vulnerability":"VCID-trdq-rcjg-s7gy"},{"vulnerability":"VCID-wau9-knn5-vqbp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.13.0-ci0000"}],"aliases":["CVE-2013-7335","GHSA-mj48-f959-pqph"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2wya-nj46-dff2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/117967?format=json","vulnerability_id":"VCID-4wd1-t7cm-9yd2","summary":"DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 9.13.9, uploaded SVG files could contain scripts and if rendered inline those scripts could run allowing XSS attacks. Version 9.13.9 fixes the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-48378","reference_id":"","reference_type":"","scores":[{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17809","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17817","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17834","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17657","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-48378"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dnnsoftware/Dnn.Platform"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-48378","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-48378"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform/commit/cfed83c291d5e5072b2fa70924a8b7c35b1cdf9e","reference_id":"cfed83c291d5e5072b2fa70924a8b7c35b1cdf9e","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-23T16:00:53Z/"}],"url":"https://github.com/dnnsoftware/Dnn.Platform/commit/cfed83c291d5e5072b2fa70924a8b7c35b1cdf9e"},{"reference_url":"https://github.com/advisories/GHSA-m4hf-fxcg-cp34","reference_id":"GHSA-m4hf-fxcg-cp34","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-m4hf-fxcg-cp34"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-m4hf-fxcg-cp34","reference_id":"GHSA-m4hf-fxcg-cp34","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-23T16:00:53Z/"}],"url":"https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-m4hf-fxcg-cp34"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/38328?format=json","purl":"pkg:nuget/DotNetNuke.Core@9.13.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2d1y-21mg-9kdx"},{"vulnerability":"VCID-6227-44sm-nkbb"},{"vulnerability":"VCID-as6z-jr8m-6kbm"},{"vulnerability":"VCID-axxm-bb71-33dj"},{"vulnerability":"VCID-c87b-2p6c-xqh8"},{"vulnerability":"VCID-epah-7729-rqba"},{"vulnerability":"VCID-fyxq-vtfm-s3ec"},{"vulnerability":"VCID-k89y-aedv-uugd"},{"vulnerability":"VCID-kwns-m3j3-8kb7"},{"vulnerability":"VCID-q7dx-jb8e-wua4"},{"vulnerability":"VCID-smd5-xy65-jufc"},{"vulnerability":"VCID-trdq-rcjg-s7gy"},{"vulnerability":"VCID-wau9-knn5-vqbp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.13.9"}],"aliases":["CVE-2025-48378","GHSA-m4hf-fxcg-cp34"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4wd1-t7cm-9yd2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/201686?format=json","vulnerability_id":"VCID-5eqv-4vr8-9ug1","summary":"The installation wizard in DotNetNuke (DNN) allows privilege escalation","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2794","reference_id":"","reference_type":"","scores":[{"value":"0.927","scoring_system":"epss","scoring_elements":"0.99764","published_at":"2026-06-11T12:55:00Z"},{"value":"0.927","scoring_system":"epss","scoring_elements":"0.99765","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2794"},{"reference_url":"https://dotnetnuke.codeplex.com/releases/view/615317","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://dotnetnuke.codeplex.com/releases/view/615317"},{"reference_url":"https://www.exploit-db.com/exploits/39777","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.exploit-db.com/exploits/39777"},{"reference_url":"https://www.exploit-db.com/exploits/39777/","reference_id":"","reference_type":"","scores":[],"url":"https://www.exploit-db.com/exploits/39777/"},{"reference_url":"http://www.dnnsoftware.com/community-blog/cid/155198/workaround-for-potential-security-issue","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.dnnsoftware.com/community-blog/cid/155198/workaround-for-potential-security-issue"},{"reference_url":"http://www.securityfocus.com/bid/96373","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/96373"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/asp/webapps/39777.txt","reference_id":"CVE-2015-2794","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/asp/webapps/39777.txt"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-2794","reference_id":"CVE-2015-2794","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-2794"},{"reference_url":"https://github.com/advisories/GHSA-x8f7-h444-97w4","reference_id":"GHSA-x8f7-h444-97w4","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-x8f7-h444-97w4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/388334?format=json","purl":"pkg:nuget/DotNetNuke.Core@7.4.0.353","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2d1y-21mg-9kdx"},{"vulnerability":"VCID-4wd1-t7cm-9yd2"},{"vulnerability":"VCID-76dr-n4fx-nud6"},{"vulnerability":"VCID-8vft-tfmv-5qfr"},{"vulnerability":"VCID-as6z-jr8m-6kbm"},{"vulnerability":"VCID-axxm-bb71-33dj"},{"vulnerability":"VCID-c87b-2p6c-xqh8"},{"vulnerability":"VCID-eaz6-q3m7-4bep"},{"vulnerability":"VCID-epah-7729-rqba"},{"vulnerability":"VCID-f55k-m678-vbfr"},{"vulnerability":"VCID-fyxq-vtfm-s3ec"},{"vulnerability":"VCID-gkac-w1q4-wfgw"},{"vulnerability":"VCID-hdzp-q5cp-uuf5"},{"vulnerability":"VCID-j6vd-2rnp-n7e5"},{"vulnerability":"VCID-kwns-m3j3-8kb7"},{"vulnerability":"VCID-q3he-ta5n-hkec"},{"vulnerability":"VCID-q3w4-ejd5-pqfz"},{"vulnerability":"VCID-q7dx-jb8e-wua4"},{"vulnerability":"VCID-smd5-xy65-jufc"},{"vulnerability":"VCID-tc3h-gp3h-euf9"},{"vulnerability":"VCID-tfyx-ssz9-1qah"},{"vulnerability":"VCID-trdq-rcjg-s7gy"},{"vulnerability":"VCID-w7dd-uzf2-d7au"},{"vulnerability":"VCID-xmh6-rwbu-c3bb"},{"vulnerability":"VCID-z31q-4wvb-gfhp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@7.4.0.353"},{"url":"http://public2.vulnerablecode.io/api/packages/13806?format=json","purl":"pkg:nuget/DotNetNuke.Core@7.4.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@7.4.1"}],"aliases":["CVE-2015-2794","GHSA-x8f7-h444-97w4"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5eqv-4vr8-9ug1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/343448?format=json","vulnerability_id":"VCID-76dr-n4fx-nud6","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-40186","reference_id":"","reference_type":"","scores":[{"value":"0.00311","scoring_system":"epss","scoring_elements":"0.54749","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00311","scoring_system":"epss","scoring_elements":"0.54872","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00311","scoring_system":"epss","scoring_elements":"0.54889","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00311","scoring_system":"epss","scoring_elements":"0.54873","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-40186"},{"reference_url":"https://appcheck-ng.com/dnn-cms-server-side-request-forgery-cve-2021-40186","reference_id":"","reference_type":"","scores":[],"url":"https://appcheck-ng.com/dnn-cms-server-side-request-forgery-cve-2021-40186"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-40186","reference_id":"CVE-2021-40186","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-40186"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/400849?format=json","purl":"pkg:nuget/DotNetNuke.Core@9.13.0-ci0000","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2d1y-21mg-9kdx"},{"vulnerability":"VCID-4wd1-t7cm-9yd2"},{"vulnerability":"VCID-6227-44sm-nkbb"},{"vulnerability":"VCID-as6z-jr8m-6kbm"},{"vulnerability":"VCID-axxm-bb71-33dj"},{"vulnerability":"VCID-c87b-2p6c-xqh8"},{"vulnerability":"VCID-epah-7729-rqba"},{"vulnerability":"VCID-f55k-m678-vbfr"},{"vulnerability":"VCID-fyxq-vtfm-s3ec"},{"vulnerability":"VCID-k89y-aedv-uugd"},{"vulnerability":"VCID-kwns-m3j3-8kb7"},{"vulnerability":"VCID-q3he-ta5n-hkec"},{"vulnerability":"VCID-q7dx-jb8e-wua4"},{"vulnerability":"VCID-smd5-xy65-jufc"},{"vulnerability":"VCID-trdq-rcjg-s7gy"},{"vulnerability":"VCID-wau9-knn5-vqbp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.13.0-ci0000"}],"aliases":["CVE-2021-40186"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-76dr-n4fx-nud6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/201624?format=json","vulnerability_id":"VCID-8vft-tfmv-5qfr","summary":"High severity vulnerability that affects DotNetNuke.Core","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-0929","reference_id":"","reference_type":"","scores":[{"value":"0.92183","scoring_system":"epss","scoring_elements":"0.99728","published_at":"2026-06-11T12:55:00Z"},{"value":"0.92183","scoring_system":"epss","scoring_elements":"0.99729","published_at":"2026-06-14T12:55:00Z"},{"value":"0.92183","scoring_system":"epss","scoring_elements":"0.9973","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-0929"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dnnsoftware/Dnn.Platform"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform/commit/d3953db85fee77bb5e6383747692c507ef8b94c3","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dnnsoftware/Dnn.Platform/commit/d3953db85fee77bb5e6383747692c507ef8b94c3"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-0929","reference_id":"CVE-2017-0929","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-0929"},{"reference_url":"https://github.com/advisories/GHSA-g8j6-m4p7-5rfq","reference_id":"GHSA-g8j6-m4p7-5rfq","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-g8j6-m4p7-5rfq"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/13751?format=json","purl":"pkg:nuget/DotNetNuke.Core@9.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5kvr-gpby-wygq"},{"vulnerability":"VCID-g68k-ds4r-77b1"},{"vulnerability":"VCID-w8mm-p8mb-sqbg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.2.0"},{"url":"http://public2.vulnerablecode.io/api/packages/390539?format=json","purl":"pkg:nuget/DotNetNuke.Core@9.2.0.366","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2d1y-21mg-9kdx"},{"vulnerability":"VCID-4wd1-t7cm-9yd2"},{"vulnerability":"VCID-5kvr-gpby-wygq"},{"vulnerability":"VCID-6227-44sm-nkbb"},{"vulnerability":"VCID-76dr-n4fx-nud6"},{"vulnerability":"VCID-as6z-jr8m-6kbm"},{"vulnerability":"VCID-axxm-bb71-33dj"},{"vulnerability":"VCID-c87b-2p6c-xqh8"},{"vulnerability":"VCID-eaz6-q3m7-4bep"},{"vulnerability":"VCID-epah-7729-rqba"},{"vulnerability":"VCID-f55k-m678-vbfr"},{"vulnerability":"VCID-fyxq-vtfm-s3ec"},{"vulnerability":"VCID-g68k-ds4r-77b1"},{"vulnerability":"VCID-gkac-w1q4-wfgw"},{"vulnerability":"VCID-hdzp-q5cp-uuf5"},{"vulnerability":"VCID-k89y-aedv-uugd"},{"vulnerability":"VCID-kwns-m3j3-8kb7"},{"vulnerability":"VCID-q3he-ta5n-hkec"},{"vulnerability":"VCID-q7dx-jb8e-wua4"},{"vulnerability":"VCID-smd5-xy65-jufc"},{"vulnerability":"VCID-tc3h-gp3h-euf9"},{"vulnerability":"VCID-tfyx-ssz9-1qah"},{"vulnerability":"VCID-trdq-rcjg-s7gy"},{"vulnerability":"VCID-w7dd-uzf2-d7au"},{"vulnerability":"VCID-w8mm-p8mb-sqbg"},{"vulnerability":"VCID-wau9-knn5-vqbp"},{"vulnerability":"VCID-xmh6-rwbu-c3bb"},{"vulnerability":"VCID-z31q-4wvb-gfhp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.2.0.366"}],"aliases":["CVE-2017-0929","GHSA-g8j6-m4p7-5rfq"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8vft-tfmv-5qfr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/263059?format=json","vulnerability_id":"VCID-9bhd-qqr2-1yhy","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1030","reference_id":"","reference_type":"","scores":[{"value":"0.00263","scoring_system":"epss","scoring_elements":"0.49976","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00263","scoring_system":"epss","scoring_elements":"0.5011","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00263","scoring_system":"epss","scoring_elements":"0.50129","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00263","scoring_system":"epss","scoring_elements":"0.50114","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1030"},{"reference_url":"http://technet.microsoft.com/en-us/security/msvr/msvr12-003","reference_id":"","reference_type":"","scores":[],"url":"http://technet.microsoft.com/en-us/security/msvr/msvr12-003"},{"reference_url":"http://www.dotnetnuke.com/News/Security-Policy/Security-bulletin-no.62.aspx","reference_id":"","reference_type":"","scores":[],"url":"http://www.dotnetnuke.com/News/Security-Policy/Security-bulletin-no.62.aspx"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-1030","reference_id":"CVE-2012-1030","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-1030"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/387826?format=json","purl":"pkg:nuget/DotNetNuke.Core@7.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2d1y-21mg-9kdx"},{"vulnerability":"VCID-2wya-nj46-dff2"},{"vulnerability":"VCID-4wd1-t7cm-9yd2"},{"vulnerability":"VCID-5eqv-4vr8-9ug1"},{"vulnerability":"VCID-76dr-n4fx-nud6"},{"vulnerability":"VCID-8vft-tfmv-5qfr"},{"vulnerability":"VCID-as6z-jr8m-6kbm"},{"vulnerability":"VCID-axxm-bb71-33dj"},{"vulnerability":"VCID-bmfr-jaur-3kfq"},{"vulnerability":"VCID-c87b-2p6c-xqh8"},{"vulnerability":"VCID-eaz6-q3m7-4bep"},{"vulnerability":"VCID-epah-7729-rqba"},{"vulnerability":"VCID-f55k-m678-vbfr"},{"vulnerability":"VCID-fyxq-vtfm-s3ec"},{"vulnerability":"VCID-gkac-w1q4-wfgw"},{"vulnerability":"VCID-hdzp-q5cp-uuf5"},{"vulnerability":"VCID-j6vd-2rnp-n7e5"},{"vulnerability":"VCID-jcyr-1pnk-e3er"},{"vulnerability":"VCID-kwns-m3j3-8kb7"},{"vulnerability":"VCID-q3he-ta5n-hkec"},{"vulnerability":"VCID-q3w4-ejd5-pqfz"},{"vulnerability":"VCID-q7dx-jb8e-wua4"},{"vulnerability":"VCID-qk9a-b246-tfeh"},{"vulnerability":"VCID-smd5-xy65-jufc"},{"vulnerability":"VCID-tc3h-gp3h-euf9"},{"vulnerability":"VCID-tfyx-ssz9-1qah"},{"vulnerability":"VCID-trdq-rcjg-s7gy"},{"vulnerability":"VCID-w7dd-uzf2-d7au"},{"vulnerability":"VCID-xmh6-rwbu-c3bb"},{"vulnerability":"VCID-z31q-4wvb-gfhp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@7.0.0"}],"aliases":["CVE-2012-1030"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9bhd-qqr2-1yhy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/100676?format=json","vulnerability_id":"VCID-as6z-jr8m-6kbm","summary":"DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.1.0, DNN’s URL/path handling and template rendering can allow specially crafted input to be reflected into a user profile that is returned to the browser. In these cases, the application does not sufficiently neutralize or encode characters that are meaningful in HTML, so an attacker can cause a victim’s browser to interpret attacker-controlled content as part of the page’s HTML. This issue has been patched in version 10.1.0.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-59821","reference_id":"","reference_type":"","scores":[{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.1501","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14918","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.15038","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.1504","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-59821"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dnnsoftware/Dnn.Platform"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-59821","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-59821"},{"reference_url":"https://github.com/advisories/GHSA-jc4g-c8ww-5738","reference_id":"GHSA-jc4g-c8ww-5738","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jc4g-c8ww-5738"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-jc4g-c8ww-5738","reference_id":"GHSA-jc4g-c8ww-5738","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-23T18:29:53Z/"}],"url":"https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-jc4g-c8ww-5738"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/376615?format=json","purl":"pkg:nuget/DotNetNuke.Core@10.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6227-44sm-nkbb"},{"vulnerability":"VCID-axxm-bb71-33dj"},{"vulnerability":"VCID-fyxq-vtfm-s3ec"},{"vulnerability":"VCID-k89y-aedv-uugd"},{"vulnerability":"VCID-kwns-m3j3-8kb7"},{"vulnerability":"VCID-q7dx-jb8e-wua4"},{"vulnerability":"VCID-smd5-xy65-jufc"},{"vulnerability":"VCID-wau9-knn5-vqbp"},{"vulnerability":"VCID-z9tg-26ja-c7hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@10.1.0"}],"aliases":["CVE-2025-59821","GHSA-jc4g-c8ww-5738"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-as6z-jr8m-6kbm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/84334?format=json","vulnerability_id":"VCID-axxm-bb71-33dj","summary":"DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.2.2, a user could upload a specially crafted SVG file that could include scripts that can target both authenticated and unauthenticated DNN users. The impact is increased if the scripts are run by a power user. Version 10.2.2 patches the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-40321","reference_id":"","reference_type":"","scores":[{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.0613","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.06144","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.06153","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.06131","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-40321"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dnnsoftware/Dnn.Platform"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-40321","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-40321"},{"reference_url":"https://github.com/advisories/GHSA-ffq7-898w-9jc4","reference_id":"GHSA-ffq7-898w-9jc4","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-ffq7-898w-9jc4"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-ffq7-898w-9jc4","reference_id":"GHSA-ffq7-898w-9jc4","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-20T16:00:34Z/"}],"url":"https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-ffq7-898w-9jc4"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform/releases/tag/v10.2.2","reference_id":"v10.2.2","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-20T16:00:34Z/"}],"url":"https://github.com/dnnsoftware/Dnn.Platform/releases/tag/v10.2.2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373520?format=json","purl":"pkg:nuget/DotNetNuke.Core@10.2.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@10.2.2"}],"aliases":["CVE-2026-40321","GHSA-ffq7-898w-9jc4"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-axxm-bb71-33dj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/268807?format=json","vulnerability_id":"VCID-bmfr-jaur-3kfq","summary":"","references":[{"reference_url":"http://packetstormsecurity.com/files/122792/DotNetNuke-DNN-7.1.0-6.2.8-Cross-Site-Scripting.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://packetstormsecurity.com/files/122792/DotNetNuke-DNN-7.1.0-6.2.8-Cross-Site-Scripting.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4649","reference_id":"","reference_type":"","scores":[{"value":"0.00269","scoring_system":"epss","scoring_elements":"0.50825","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00269","scoring_system":"epss","scoring_elements":"0.50821","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00269","scoring_system":"epss","scoring_elements":"0.50837","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00269","scoring_system":"epss","scoring_elements":"0.50688","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4649"},{"reference_url":"http://secunia.com/advisories/53493","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/53493"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/86432","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/86432"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dnnsoftware/Dnn.Platform"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-4649","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-4649"},{"reference_url":"http://www.dnnsoftware.com/platform/manage/security-center","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.dnnsoftware.com/platform/manage/security-center"},{"reference_url":"https://github.com/advisories/GHSA-rvrj-j7cc-236p","reference_id":"GHSA-rvrj-j7cc-236p","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rvrj-j7cc-236p"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/384695?format=json","purl":"pkg:nuget/DotNetNuke.Core@6.2.9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@6.2.9"},{"url":"http://public2.vulnerablecode.io/api/packages/384696?format=json","purl":"pkg:nuget/DotNetNuke.Core@7.1.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@7.1.1"},{"url":"http://public2.vulnerablecode.io/api/packages/388108?format=json","purl":"pkg:nuget/DotNetNuke.Core@7.2.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@7.2.0"},{"url":"http://public2.vulnerablecode.io/api/packages/400849?format=json","purl":"pkg:nuget/DotNetNuke.Core@9.13.0-ci0000","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2d1y-21mg-9kdx"},{"vulnerability":"VCID-4wd1-t7cm-9yd2"},{"vulnerability":"VCID-6227-44sm-nkbb"},{"vulnerability":"VCID-as6z-jr8m-6kbm"},{"vulnerability":"VCID-axxm-bb71-33dj"},{"vulnerability":"VCID-c87b-2p6c-xqh8"},{"vulnerability":"VCID-epah-7729-rqba"},{"vulnerability":"VCID-f55k-m678-vbfr"},{"vulnerability":"VCID-fyxq-vtfm-s3ec"},{"vulnerability":"VCID-k89y-aedv-uugd"},{"vulnerability":"VCID-kwns-m3j3-8kb7"},{"vulnerability":"VCID-q3he-ta5n-hkec"},{"vulnerability":"VCID-q7dx-jb8e-wua4"},{"vulnerability":"VCID-smd5-xy65-jufc"},{"vulnerability":"VCID-trdq-rcjg-s7gy"},{"vulnerability":"VCID-wau9-knn5-vqbp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.13.0-ci0000"}],"aliases":["CVE-2013-4649","GHSA-rvrj-j7cc-236p"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bmfr-jaur-3kfq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/100961?format=json","vulnerability_id":"VCID-c87b-2p6c-xqh8","summary":"DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.1.0, when embedding information in the Biography field, even if that field is not rich-text, users could inject javascript code that would run in the context of the website and to any other user that can view the profile including administrators and/or superusers. This issue has been patched in version 10.1.0.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-59539","reference_id":"","reference_type":"","scores":[{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.13003","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12992","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12908","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.13013","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-59539"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dnnsoftware/Dnn.Platform"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-59539","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-59539"},{"reference_url":"https://github.com/advisories/GHSA-7rcc-q6rq-jpcm","reference_id":"GHSA-7rcc-q6rq-jpcm","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7rcc-q6rq-jpcm"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-7rcc-q6rq-jpcm","reference_id":"GHSA-7rcc-q6rq-jpcm","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-23T18:30:23Z/"}],"url":"https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-7rcc-q6rq-jpcm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/376615?format=json","purl":"pkg:nuget/DotNetNuke.Core@10.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6227-44sm-nkbb"},{"vulnerability":"VCID-axxm-bb71-33dj"},{"vulnerability":"VCID-fyxq-vtfm-s3ec"},{"vulnerability":"VCID-k89y-aedv-uugd"},{"vulnerability":"VCID-kwns-m3j3-8kb7"},{"vulnerability":"VCID-q7dx-jb8e-wua4"},{"vulnerability":"VCID-smd5-xy65-jufc"},{"vulnerability":"VCID-wau9-knn5-vqbp"},{"vulnerability":"VCID-z9tg-26ja-c7hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@10.1.0"}],"aliases":["CVE-2025-59539","GHSA-7rcc-q6rq-jpcm"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c87b-2p6c-xqh8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/101057?format=json","vulnerability_id":"VCID-epah-7729-rqba","summary":"DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.1.0, the Prompt module allows execution of commands that can return raw HTML. Malicious input, even if sanitized for display elsewhere, can be executed when processed through certain commands, leading to potential script execution (XSS). This issue has been patched in version 10.1.0.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-59545","reference_id":"","reference_type":"","scores":[{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.27077","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.2706","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.2686","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.27062","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-59545"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform","reference_id":"","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dnnsoftware/Dnn.Platform"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-59545","reference_id":"","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-59545"},{"reference_url":"https://github.com/advisories/GHSA-2qxc-mf4x-wr29","reference_id":"GHSA-2qxc-mf4x-wr29","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2qxc-mf4x-wr29"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-2qxc-mf4x-wr29","reference_id":"GHSA-2qxc-mf4x-wr29","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-23T18:30:12Z/"}],"url":"https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-2qxc-mf4x-wr29"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/376615?format=json","purl":"pkg:nuget/DotNetNuke.Core@10.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6227-44sm-nkbb"},{"vulnerability":"VCID-axxm-bb71-33dj"},{"vulnerability":"VCID-fyxq-vtfm-s3ec"},{"vulnerability":"VCID-k89y-aedv-uugd"},{"vulnerability":"VCID-kwns-m3j3-8kb7"},{"vulnerability":"VCID-q7dx-jb8e-wua4"},{"vulnerability":"VCID-smd5-xy65-jufc"},{"vulnerability":"VCID-wau9-knn5-vqbp"},{"vulnerability":"VCID-z9tg-26ja-c7hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@10.1.0"}],"aliases":["CVE-2025-59545","GHSA-2qxc-mf4x-wr29"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-epah-7729-rqba"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/118496?format=json","vulnerability_id":"VCID-f55k-m678-vbfr","summary":"DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 9.13.9, a specially crafted URL may be constructed which can inject an XSS payload that is triggered by using some module actions. Version 9.13.9 fixes the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-48377","reference_id":"","reference_type":"","scores":[{"value":"0.00141","scoring_system":"epss","scoring_elements":"0.34178","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00141","scoring_system":"epss","scoring_elements":"0.34174","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00141","scoring_system":"epss","scoring_elements":"0.34198","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00141","scoring_system":"epss","scoring_elements":"0.33998","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-48377"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform","reference_id":"","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dnnsoftware/Dnn.Platform"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-48377","reference_id":"","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-48377"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform/commit/351b166492ad4b6509c273dc83211d52238e31a7","reference_id":"351b166492ad4b6509c273dc83211d52238e31a7","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-23T15:51:04Z/"}],"url":"https://github.com/dnnsoftware/Dnn.Platform/commit/351b166492ad4b6509c273dc83211d52238e31a7"},{"reference_url":"https://github.com/advisories/GHSA-79m3-rvx2-3qq9","reference_id":"GHSA-79m3-rvx2-3qq9","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-79m3-rvx2-3qq9"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-79m3-rvx2-3qq9","reference_id":"GHSA-79m3-rvx2-3qq9","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-23T15:51:04Z/"}],"url":"https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-79m3-rvx2-3qq9"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/38328?format=json","purl":"pkg:nuget/DotNetNuke.Core@9.13.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2d1y-21mg-9kdx"},{"vulnerability":"VCID-6227-44sm-nkbb"},{"vulnerability":"VCID-as6z-jr8m-6kbm"},{"vulnerability":"VCID-axxm-bb71-33dj"},{"vulnerability":"VCID-c87b-2p6c-xqh8"},{"vulnerability":"VCID-epah-7729-rqba"},{"vulnerability":"VCID-fyxq-vtfm-s3ec"},{"vulnerability":"VCID-k89y-aedv-uugd"},{"vulnerability":"VCID-kwns-m3j3-8kb7"},{"vulnerability":"VCID-q7dx-jb8e-wua4"},{"vulnerability":"VCID-smd5-xy65-jufc"},{"vulnerability":"VCID-trdq-rcjg-s7gy"},{"vulnerability":"VCID-wau9-knn5-vqbp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.13.9"}],"aliases":["CVE-2025-48377","GHSA-79m3-rvx2-3qq9"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f55k-m678-vbfr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/82686?format=json","vulnerability_id":"VCID-fyxq-vtfm-s3ec","summary":"DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to versions 9.13.10 and 10.2.0,  module title supports richtext which could include scripts that would execute in certain scenarios. Versions 9.13.10 and 10.2.0 contain a fix for the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-24838","reference_id":"","reference_type":"","scores":[{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17479","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17633","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17659","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17641","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-24838"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dnnsoftware/Dnn.Platform"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform/commit/4a4bcbcdf3cedbf702816f8168c4d51bf688f7f6","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dnnsoftware/Dnn.Platform/commit/4a4bcbcdf3cedbf702816f8168c4d51bf688f7f6"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform/releases/tag/v10.2.0","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dnnsoftware/Dnn.Platform/releases/tag/v10.2.0"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24838","reference_id":"CVE-2026-24838","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24838"},{"reference_url":"https://github.com/advisories/GHSA-w9pf-h6m6-v89h","reference_id":"GHSA-w9pf-h6m6-v89h","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-w9pf-h6m6-v89h"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-w9pf-h6m6-v89h","reference_id":"GHSA-w9pf-h6m6-v89h","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-28T15:03:11Z/"}],"url":"https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-w9pf-h6m6-v89h"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/38322?format=json","purl":"pkg:nuget/DotNetNuke.Core@9.13.10","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.13.10"},{"url":"http://public2.vulnerablecode.io/api/packages/38325?format=json","purl":"pkg:nuget/DotNetNuke.Core@10.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-axxm-bb71-33dj"},{"vulnerability":"VCID-kwns-m3j3-8kb7"},{"vulnerability":"VCID-q7dx-jb8e-wua4"},{"vulnerability":"VCID-z9tg-26ja-c7hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@10.2.0"}],"aliases":["CVE-2026-24838","GHSA-w9pf-h6m6-v89h"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fyxq-vtfm-s3ec"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/174477?format=json","vulnerability_id":"VCID-gkac-w1q4-wfgw","summary":"Relative Path Traversal in GitHub repository dnnsoftware/dnn.platform prior to 9.11.0.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2922","reference_id":"","reference_type":"","scores":[{"value":"0.00453","scoring_system":"epss","scoring_elements":"0.64193","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00453","scoring_system":"epss","scoring_elements":"0.64306","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00453","scoring_system":"epss","scoring_elements":"0.6431","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00453","scoring_system":"epss","scoring_elements":"0.64296","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2922"},{"reference_url":"https://github.com/dnnsoftware/dnn.platform","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dnnsoftware/dnn.platform"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform/commit/3697c5344cef8d49214230f0cc2efcd9e93a00a8","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dnnsoftware/Dnn.Platform/commit/3697c5344cef8d49214230f0cc2efcd9e93a00a8"},{"reference_url":"https://huntr.dev/bounties/74918f40-dc11-4218-abef-064eb71a0703","reference_id":"74918f40-dc11-4218-abef-064eb71a0703","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-20T16:03:27Z/"}],"url":"https://huntr.dev/bounties/74918f40-dc11-4218-abef-064eb71a0703"},{"reference_url":"https://github.com/dnnsoftware/dnn.platform/commit/9b17351592fbde376506ba6705dbcc7a74a2a195","reference_id":"9b17351592fbde376506ba6705dbcc7a74a2a195","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-20T16:03:27Z/"}],"url":"https://github.com/dnnsoftware/dnn.platform/commit/9b17351592fbde376506ba6705dbcc7a74a2a195"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-2922","reference_id":"CVE-2022-2922","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-2922"},{"reference_url":"https://github.com/advisories/GHSA-9w72-2f23-57gm","reference_id":"GHSA-9w72-2f23-57gm","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9w72-2f23-57gm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/27208?format=json","purl":"pkg:nuget/DotNetNuke.Core@9.11.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2d1y-21mg-9kdx"},{"vulnerability":"VCID-4wd1-t7cm-9yd2"},{"vulnerability":"VCID-6227-44sm-nkbb"},{"vulnerability":"VCID-as6z-jr8m-6kbm"},{"vulnerability":"VCID-axxm-bb71-33dj"},{"vulnerability":"VCID-c87b-2p6c-xqh8"},{"vulnerability":"VCID-epah-7729-rqba"},{"vulnerability":"VCID-f55k-m678-vbfr"},{"vulnerability":"VCID-fyxq-vtfm-s3ec"},{"vulnerability":"VCID-k89y-aedv-uugd"},{"vulnerability":"VCID-kwns-m3j3-8kb7"},{"vulnerability":"VCID-q3he-ta5n-hkec"},{"vulnerability":"VCID-q7dx-jb8e-wua4"},{"vulnerability":"VCID-smd5-xy65-jufc"},{"vulnerability":"VCID-trdq-rcjg-s7gy"},{"vulnerability":"VCID-wau9-knn5-vqbp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.11.0"}],"aliases":["CVE-2022-2922","GHSA-9w72-2f23-57gm"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gkac-w1q4-wfgw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/329523?format=json","vulnerability_id":"VCID-hdzp-q5cp-uuf5","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-5186","reference_id":"","reference_type":"","scores":[{"value":"0.00353","scoring_system":"epss","scoring_elements":"0.58056","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00353","scoring_system":"epss","scoring_elements":"0.58169","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00353","scoring_system":"epss","scoring_elements":"0.58186","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00353","scoring_system":"epss","scoring_elements":"0.58174","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-5186"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-5186","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-5186"},{"reference_url":"https://packetstormsecurity.com/files/156483/DotNetNuke-CMS-9.5.0-Cross-Site-Scripting.html","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://packetstormsecurity.com/files/156483/DotNetNuke-CMS-9.5.0-Cross-Site-Scripting.html"},{"reference_url":"https://github.com/advisories/GHSA-9phr-h5mx-4fp6","reference_id":"GHSA-9phr-h5mx-4fp6","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9phr-h5mx-4fp6"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/385270?format=json","purl":"pkg:nuget/DotNetNuke.Core@9.5.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2d1y-21mg-9kdx"},{"vulnerability":"VCID-4wd1-t7cm-9yd2"},{"vulnerability":"VCID-6227-44sm-nkbb"},{"vulnerability":"VCID-76dr-n4fx-nud6"},{"vulnerability":"VCID-as6z-jr8m-6kbm"},{"vulnerability":"VCID-axxm-bb71-33dj"},{"vulnerability":"VCID-c87b-2p6c-xqh8"},{"vulnerability":"VCID-eaz6-q3m7-4bep"},{"vulnerability":"VCID-epah-7729-rqba"},{"vulnerability":"VCID-f55k-m678-vbfr"},{"vulnerability":"VCID-fyxq-vtfm-s3ec"},{"vulnerability":"VCID-gkac-w1q4-wfgw"},{"vulnerability":"VCID-k89y-aedv-uugd"},{"vulnerability":"VCID-kwns-m3j3-8kb7"},{"vulnerability":"VCID-q3he-ta5n-hkec"},{"vulnerability":"VCID-q7dx-jb8e-wua4"},{"vulnerability":"VCID-qcc1-r81m-7ud6"},{"vulnerability":"VCID-smd5-xy65-jufc"},{"vulnerability":"VCID-tfyx-ssz9-1qah"},{"vulnerability":"VCID-trdq-rcjg-s7gy"},{"vulnerability":"VCID-wau9-knn5-vqbp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.5.0"},{"url":"http://public2.vulnerablecode.io/api/packages/400849?format=json","purl":"pkg:nuget/DotNetNuke.Core@9.13.0-ci0000","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2d1y-21mg-9kdx"},{"vulnerability":"VCID-4wd1-t7cm-9yd2"},{"vulnerability":"VCID-6227-44sm-nkbb"},{"vulnerability":"VCID-as6z-jr8m-6kbm"},{"vulnerability":"VCID-axxm-bb71-33dj"},{"vulnerability":"VCID-c87b-2p6c-xqh8"},{"vulnerability":"VCID-epah-7729-rqba"},{"vulnerability":"VCID-f55k-m678-vbfr"},{"vulnerability":"VCID-fyxq-vtfm-s3ec"},{"vulnerability":"VCID-k89y-aedv-uugd"},{"vulnerability":"VCID-kwns-m3j3-8kb7"},{"vulnerability":"VCID-q3he-ta5n-hkec"},{"vulnerability":"VCID-q7dx-jb8e-wua4"},{"vulnerability":"VCID-smd5-xy65-jufc"},{"vulnerability":"VCID-trdq-rcjg-s7gy"},{"vulnerability":"VCID-wau9-knn5-vqbp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.13.0-ci0000"}],"aliases":["CVE-2020-5186","GHSA-9phr-h5mx-4fp6"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hdzp-q5cp-uuf5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/201687?format=json","vulnerability_id":"VCID-j6vd-2rnp-n7e5","summary":"Cross-site scripting (XSS) vulnerability in the user-profile biography section in DotNetNuke (DNN)","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-7119","reference_id":"","reference_type":"","scores":[{"value":"0.00227","scoring_system":"epss","scoring_elements":"0.4573","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00227","scoring_system":"epss","scoring_elements":"0.45583","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00227","scoring_system":"epss","scoring_elements":"0.45725","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00227","scoring_system":"epss","scoring_elements":"0.45739","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-7119"},{"reference_url":"http://www.securityfocus.com/bid/92719","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/92719"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-7119","reference_id":"CVE-2016-7119","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-7119"},{"reference_url":"https://github.com/advisories/GHSA-5c66-x4wm-rjfx","reference_id":"GHSA-5c66-x4wm-rjfx","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5c66-x4wm-rjfx"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/13807?format=json","purl":"pkg:nuget/DotNetNuke.Core@8.0.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@8.0.1"},{"url":"http://public2.vulnerablecode.io/api/packages/409116?format=json","purl":"pkg:nuget/DotNetNuke.Core@8.0.1.239","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2d1y-21mg-9kdx"},{"vulnerability":"VCID-4wd1-t7cm-9yd2"},{"vulnerability":"VCID-76dr-n4fx-nud6"},{"vulnerability":"VCID-8vft-tfmv-5qfr"},{"vulnerability":"VCID-as6z-jr8m-6kbm"},{"vulnerability":"VCID-axxm-bb71-33dj"},{"vulnerability":"VCID-c87b-2p6c-xqh8"},{"vulnerability":"VCID-eaz6-q3m7-4bep"},{"vulnerability":"VCID-epah-7729-rqba"},{"vulnerability":"VCID-f55k-m678-vbfr"},{"vulnerability":"VCID-fyxq-vtfm-s3ec"},{"vulnerability":"VCID-gkac-w1q4-wfgw"},{"vulnerability":"VCID-hdzp-q5cp-uuf5"},{"vulnerability":"VCID-kwns-m3j3-8kb7"},{"vulnerability":"VCID-q3he-ta5n-hkec"},{"vulnerability":"VCID-q3w4-ejd5-pqfz"},{"vulnerability":"VCID-q7dx-jb8e-wua4"},{"vulnerability":"VCID-smd5-xy65-jufc"},{"vulnerability":"VCID-tc3h-gp3h-euf9"},{"vulnerability":"VCID-tfyx-ssz9-1qah"},{"vulnerability":"VCID-trdq-rcjg-s7gy"},{"vulnerability":"VCID-w7dd-uzf2-d7au"},{"vulnerability":"VCID-xmh6-rwbu-c3bb"},{"vulnerability":"VCID-z31q-4wvb-gfhp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@8.0.1.239"}],"aliases":["CVE-2016-7119","GHSA-5c66-x4wm-rjfx"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j6vd-2rnp-n7e5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/201685?format=json","vulnerability_id":"VCID-jcyr-1pnk-e3er","summary":"Moderate severity vulnerability that affects DotNetNuke.Core","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-1566","reference_id":"","reference_type":"","scores":[{"value":"0.00253","scoring_system":"epss","scoring_elements":"0.49083","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00253","scoring_system":"epss","scoring_elements":"0.48947","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00253","scoring_system":"epss","scoring_elements":"0.49088","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00253","scoring_system":"epss","scoring_elements":"0.49101","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-1566"},{"reference_url":"http://secunia.com/advisories/62832","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/62832"},{"reference_url":"http://www.dnnsoftware.com/platform/manage/security-center","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.dnnsoftware.com/platform/manage/security-center"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-1566","reference_id":"CVE-2015-1566","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-1566"},{"reference_url":"https://github.com/advisories/GHSA-v76m-f5cx-8rg4","reference_id":"GHSA-v76m-f5cx-8rg4","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-v76m-f5cx-8rg4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/13805?format=json","purl":"pkg:nuget/DotNetNuke.Core@7.4.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5eqv-4vr8-9ug1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@7.4.0"},{"url":"http://public2.vulnerablecode.io/api/packages/388334?format=json","purl":"pkg:nuget/DotNetNuke.Core@7.4.0.353","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2d1y-21mg-9kdx"},{"vulnerability":"VCID-4wd1-t7cm-9yd2"},{"vulnerability":"VCID-76dr-n4fx-nud6"},{"vulnerability":"VCID-8vft-tfmv-5qfr"},{"vulnerability":"VCID-as6z-jr8m-6kbm"},{"vulnerability":"VCID-axxm-bb71-33dj"},{"vulnerability":"VCID-c87b-2p6c-xqh8"},{"vulnerability":"VCID-eaz6-q3m7-4bep"},{"vulnerability":"VCID-epah-7729-rqba"},{"vulnerability":"VCID-f55k-m678-vbfr"},{"vulnerability":"VCID-fyxq-vtfm-s3ec"},{"vulnerability":"VCID-gkac-w1q4-wfgw"},{"vulnerability":"VCID-hdzp-q5cp-uuf5"},{"vulnerability":"VCID-j6vd-2rnp-n7e5"},{"vulnerability":"VCID-kwns-m3j3-8kb7"},{"vulnerability":"VCID-q3he-ta5n-hkec"},{"vulnerability":"VCID-q3w4-ejd5-pqfz"},{"vulnerability":"VCID-q7dx-jb8e-wua4"},{"vulnerability":"VCID-smd5-xy65-jufc"},{"vulnerability":"VCID-tc3h-gp3h-euf9"},{"vulnerability":"VCID-tfyx-ssz9-1qah"},{"vulnerability":"VCID-trdq-rcjg-s7gy"},{"vulnerability":"VCID-w7dd-uzf2-d7au"},{"vulnerability":"VCID-xmh6-rwbu-c3bb"},{"vulnerability":"VCID-z31q-4wvb-gfhp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@7.4.0.353"}],"aliases":["CVE-2015-1566","GHSA-v76m-f5cx-8rg4"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jcyr-1pnk-e3er"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/84164?format=json","vulnerability_id":"VCID-kwns-m3j3-8kb7","summary":"DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Starting in version 6.0.0 and prior to version 10.2.2, in the friends feature, a user could craft a request that would force the acceptance of a friend request on another user. Version 10.2.2 patches the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-40305","reference_id":"","reference_type":"","scores":[{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10571","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10546","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.1057","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10514","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-40305"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dnnsoftware/Dnn.Platform"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-40305","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-40305"},{"reference_url":"https://github.com/advisories/GHSA-fpj4-9qhx-5m6m","reference_id":"GHSA-fpj4-9qhx-5m6m","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fpj4-9qhx-5m6m"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-fpj4-9qhx-5m6m","reference_id":"GHSA-fpj4-9qhx-5m6m","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-20T13:22:45Z/"}],"url":"https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-fpj4-9qhx-5m6m"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform/releases/tag/v10.2.2","reference_id":"v10.2.2","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-20T13:22:45Z/"}],"url":"https://github.com/dnnsoftware/Dnn.Platform/releases/tag/v10.2.2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373520?format=json","purl":"pkg:nuget/DotNetNuke.Core@10.2.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@10.2.2"}],"aliases":["CVE-2026-40305","GHSA-fpj4-9qhx-5m6m"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kwns-m3j3-8kb7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/114577?format=json","vulnerability_id":"VCID-q3he-ta5n-hkec","summary":"DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. A bypass has been identified for the previously known vulnerability CVE-2017-0929, allowing unauthenticated attackers to execute arbitrary GET requests against target systems, including internal or adjacent networks. This vulnerability facilitates a semi-blind SSRF attack, allowing attackers to make the target server send requests to internal or external URLs without viewing the full responses. Potential impacts include internal network reconnaissance, bypassing firewalls. This vulnerability is fixed in 9.13.8.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-32372","reference_id":"","reference_type":"","scores":[{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.27829","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.27814","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.27839","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.27612","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-32372"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dnnsoftware/Dnn.Platform"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-32372","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-32372"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform/commit/4721dd9eef846936d3b1a3676499e46968d15feb","reference_id":"4721dd9eef846936d3b1a3676499e46968d15feb","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-09T15:39:52Z/"}],"url":"https://github.com/dnnsoftware/Dnn.Platform/commit/4721dd9eef846936d3b1a3676499e46968d15feb"},{"reference_url":"https://github.com/advisories/GHSA-3f7v-qx94-666m","reference_id":"GHSA-3f7v-qx94-666m","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3f7v-qx94-666m"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-3f7v-qx94-666m","reference_id":"GHSA-3f7v-qx94-666m","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-09T15:39:52Z/"}],"url":"https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-3f7v-qx94-666m"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/376256?format=json","purl":"pkg:nuget/DotNetNuke.Core@9.13.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2d1y-21mg-9kdx"},{"vulnerability":"VCID-4wd1-t7cm-9yd2"},{"vulnerability":"VCID-6227-44sm-nkbb"},{"vulnerability":"VCID-as6z-jr8m-6kbm"},{"vulnerability":"VCID-axxm-bb71-33dj"},{"vulnerability":"VCID-c87b-2p6c-xqh8"},{"vulnerability":"VCID-epah-7729-rqba"},{"vulnerability":"VCID-f55k-m678-vbfr"},{"vulnerability":"VCID-fyxq-vtfm-s3ec"},{"vulnerability":"VCID-k89y-aedv-uugd"},{"vulnerability":"VCID-kwns-m3j3-8kb7"},{"vulnerability":"VCID-q7dx-jb8e-wua4"},{"vulnerability":"VCID-smd5-xy65-jufc"},{"vulnerability":"VCID-trdq-rcjg-s7gy"},{"vulnerability":"VCID-wau9-knn5-vqbp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.13.8"}],"aliases":["CVE-2025-32372","GHSA-3f7v-qx94-666m"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q3he-ta5n-hkec"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/86185?format=json","vulnerability_id":"VCID-q3w4-ejd5-pqfz","summary":"DNN (aka DotNetNuke) before 9.1.1 has Remote Code Execution via a cookie, aka \"2017-08 (Critical) Possible remote code execution on DNN sites.\"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9822","reference_id":"","reference_type":"","scores":[{"value":"0.94293","scoring_system":"epss","scoring_elements":"0.99946","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9822"},{"reference_url":"http://www.securityfocus.com/bid/102213","reference_id":"102213","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:41:35Z/"}],"url":"http://www.securityfocus.com/bid/102213"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-9822","reference_id":"CVE-2017-9822","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-9822"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/48336.rb","reference_id":"CVE-2018-18326;CVE-2018-18325;CVE-2018-15812;CVE-2018-15811;CVE-2017-9822","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/48336.rb"},{"reference_url":"https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/http/dnn_cookie_deserialization_rce.rb","reference_id":"CVE-2018-18326;CVE-2018-18325;CVE-2018-15812;CVE-2018-15811;CVE-2017-9822","reference_type":"exploit","scores":[],"url":"https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/http/dnn_cookie_deserialization_rce.rb"},{"reference_url":"http://packetstormsecurity.com/files/157080/DotNetNuke-Cookie-Deserialization-Remote-Code-Execution.html","reference_id":"DotNetNuke-Cookie-Deserialization-Remote-Code-Execution.html","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:41:35Z/"}],"url":"http://packetstormsecurity.com/files/157080/DotNetNuke-Cookie-Deserialization-Remote-Code-Execution.html"},{"reference_url":"https://github.com/advisories/GHSA-x2rg-fmcv-crq5","reference_id":"GHSA-x2rg-fmcv-crq5","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-x2rg-fmcv-crq5"},{"reference_url":"http://www.dnnsoftware.com/community/security/security-center","reference_id":"security-center","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:41:35Z/"}],"url":"http://www.dnnsoftware.com/community/security/security-center"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/13808?format=json","purl":"pkg:nuget/DotNetNuke.Core@9.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-q9z1-ty6z-6uau"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.1.1"},{"url":"http://public2.vulnerablecode.io/api/packages/415810?format=json","purl":"pkg:nuget/DotNetNuke.Core@9.1.1.129","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2d1y-21mg-9kdx"},{"vulnerability":"VCID-4wd1-t7cm-9yd2"},{"vulnerability":"VCID-6227-44sm-nkbb"},{"vulnerability":"VCID-76dr-n4fx-nud6"},{"vulnerability":"VCID-8vft-tfmv-5qfr"},{"vulnerability":"VCID-as6z-jr8m-6kbm"},{"vulnerability":"VCID-axxm-bb71-33dj"},{"vulnerability":"VCID-c87b-2p6c-xqh8"},{"vulnerability":"VCID-eaz6-q3m7-4bep"},{"vulnerability":"VCID-epah-7729-rqba"},{"vulnerability":"VCID-f55k-m678-vbfr"},{"vulnerability":"VCID-fyxq-vtfm-s3ec"},{"vulnerability":"VCID-gkac-w1q4-wfgw"},{"vulnerability":"VCID-hdzp-q5cp-uuf5"},{"vulnerability":"VCID-k89y-aedv-uugd"},{"vulnerability":"VCID-kwns-m3j3-8kb7"},{"vulnerability":"VCID-q3he-ta5n-hkec"},{"vulnerability":"VCID-q7dx-jb8e-wua4"},{"vulnerability":"VCID-smd5-xy65-jufc"},{"vulnerability":"VCID-tc3h-gp3h-euf9"},{"vulnerability":"VCID-tfyx-ssz9-1qah"},{"vulnerability":"VCID-trdq-rcjg-s7gy"},{"vulnerability":"VCID-w7dd-uzf2-d7au"},{"vulnerability":"VCID-wau9-knn5-vqbp"},{"vulnerability":"VCID-xmh6-rwbu-c3bb"},{"vulnerability":"VCID-z31q-4wvb-gfhp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.1.1.129"}],"aliases":["CVE-2017-9822","GHSA-x2rg-fmcv-crq5"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q3w4-ejd5-pqfz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/359949?format=json","vulnerability_id":"VCID-q7dx-jb8e-wua4","summary":"DotNetNuke.Core security code analysis rules triggered\nThe codebase raises code analysis warnings related to security, including CA3075, CA5366, CA5371, CA5368, CA5369, CA5372, CA5379, CA5350, and CA5351.\n\nMost of these deal with disabling DTD processing in XML documents, but also includes cryptographic algorithm choices.","references":[{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dnnsoftware/Dnn.Platform"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-fcpv-w245-r2q7","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-fcpv-w245-r2q7"},{"reference_url":"https://github.com/advisories/GHSA-fcpv-w245-r2q7","reference_id":"GHSA-fcpv-w245-r2q7","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fcpv-w245-r2q7"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373520?format=json","purl":"pkg:nuget/DotNetNuke.Core@10.2.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@10.2.2"}],"aliases":["GHSA-fcpv-w245-r2q7"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q7dx-jb8e-wua4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/268496?format=json","vulnerability_id":"VCID-qk9a-b246-tfeh","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-3943","reference_id":"","reference_type":"","scores":[{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43383","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.4354","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43559","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.4355","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-3943"},{"reference_url":"http://secunia.com/advisories/53493","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/53493"},{"reference_url":"http://www.dnnsoftware.com/platform/manage/security-center","reference_id":"","reference_type":"","scores":[],"url":"http://www.dnnsoftware.com/platform/manage/security-center"},{"reference_url":"http://www.securityfocus.com/bid/61809","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/61809"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-3943","reference_id":"CVE-2013-3943","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-3943"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/388108?format=json","purl":"pkg:nuget/DotNetNuke.Core@7.2.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@7.2.0"},{"url":"http://public2.vulnerablecode.io/api/packages/400849?format=json","purl":"pkg:nuget/DotNetNuke.Core@9.13.0-ci0000","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2d1y-21mg-9kdx"},{"vulnerability":"VCID-4wd1-t7cm-9yd2"},{"vulnerability":"VCID-6227-44sm-nkbb"},{"vulnerability":"VCID-as6z-jr8m-6kbm"},{"vulnerability":"VCID-axxm-bb71-33dj"},{"vulnerability":"VCID-c87b-2p6c-xqh8"},{"vulnerability":"VCID-epah-7729-rqba"},{"vulnerability":"VCID-f55k-m678-vbfr"},{"vulnerability":"VCID-fyxq-vtfm-s3ec"},{"vulnerability":"VCID-k89y-aedv-uugd"},{"vulnerability":"VCID-kwns-m3j3-8kb7"},{"vulnerability":"VCID-q3he-ta5n-hkec"},{"vulnerability":"VCID-q7dx-jb8e-wua4"},{"vulnerability":"VCID-smd5-xy65-jufc"},{"vulnerability":"VCID-trdq-rcjg-s7gy"},{"vulnerability":"VCID-wau9-knn5-vqbp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.13.0-ci0000"}],"aliases":["CVE-2013-3943"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qk9a-b246-tfeh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/90930?format=json","vulnerability_id":"VCID-smd5-xy65-jufc","summary":"DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to 10.1.1,  sanitization of the content of uploaded SVG files was not covering all possible XSS scenarios. This vulnerability exists because of an incomplete fix for CVE-2025-48378. This vulnerability is fixed in 10.1.1.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-64094","reference_id":"","reference_type":"","scores":[{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07536","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07556","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07566","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07571","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-64094"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform","reference_id":"","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dnnsoftware/Dnn.Platform"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-64094","reference_id":"CVE-2025-64094","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-64094"},{"reference_url":"https://github.com/advisories/GHSA-hmvq-8p83-cq52","reference_id":"GHSA-hmvq-8p83-cq52","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hmvq-8p83-cq52"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-hmvq-8p83-cq52","reference_id":"GHSA-hmvq-8p83-cq52","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-29T14:51:54Z/"}],"url":"https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-hmvq-8p83-cq52"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/34899?format=json","purl":"pkg:nuget/DotNetNuke.Core@10.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6227-44sm-nkbb"},{"vulnerability":"VCID-axxm-bb71-33dj"},{"vulnerability":"VCID-fyxq-vtfm-s3ec"},{"vulnerability":"VCID-k89y-aedv-uugd"},{"vulnerability":"VCID-kwns-m3j3-8kb7"},{"vulnerability":"VCID-q7dx-jb8e-wua4"},{"vulnerability":"VCID-wau9-knn5-vqbp"},{"vulnerability":"VCID-z9tg-26ja-c7hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@10.1.1"}],"aliases":["CVE-2025-64094","GHSA-hmvq-8p83-cq52"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-smd5-xy65-jufc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/329525?format=json","vulnerability_id":"VCID-tc3h-gp3h-euf9","summary":"","references":[{"reference_url":"http://packetstormsecurity.com/files/156484/DotNetNuke-CMS-9.5.0-File-Extension-Check-Bypass.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://packetstormsecurity.com/files/156484/DotNetNuke-CMS-9.5.0-File-Extension-Check-Bypass.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-5188","reference_id":"","reference_type":"","scores":[{"value":"0.00254","scoring_system":"epss","scoring_elements":"0.48981","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00254","scoring_system":"epss","scoring_elements":"0.49117","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00254","scoring_system":"epss","scoring_elements":"0.49135","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00254","scoring_system":"epss","scoring_elements":"0.49125","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-5188"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dnnsoftware/Dnn.Platform"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-5188","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-5188"},{"reference_url":"https://github.com/advisories/GHSA-vjcm-j85r-7p68","reference_id":"GHSA-vjcm-j85r-7p68","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vjcm-j85r-7p68"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/385270?format=json","purl":"pkg:nuget/DotNetNuke.Core@9.5.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2d1y-21mg-9kdx"},{"vulnerability":"VCID-4wd1-t7cm-9yd2"},{"vulnerability":"VCID-6227-44sm-nkbb"},{"vulnerability":"VCID-76dr-n4fx-nud6"},{"vulnerability":"VCID-as6z-jr8m-6kbm"},{"vulnerability":"VCID-axxm-bb71-33dj"},{"vulnerability":"VCID-c87b-2p6c-xqh8"},{"vulnerability":"VCID-eaz6-q3m7-4bep"},{"vulnerability":"VCID-epah-7729-rqba"},{"vulnerability":"VCID-f55k-m678-vbfr"},{"vulnerability":"VCID-fyxq-vtfm-s3ec"},{"vulnerability":"VCID-gkac-w1q4-wfgw"},{"vulnerability":"VCID-k89y-aedv-uugd"},{"vulnerability":"VCID-kwns-m3j3-8kb7"},{"vulnerability":"VCID-q3he-ta5n-hkec"},{"vulnerability":"VCID-q7dx-jb8e-wua4"},{"vulnerability":"VCID-qcc1-r81m-7ud6"},{"vulnerability":"VCID-smd5-xy65-jufc"},{"vulnerability":"VCID-tfyx-ssz9-1qah"},{"vulnerability":"VCID-trdq-rcjg-s7gy"},{"vulnerability":"VCID-wau9-knn5-vqbp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.5.0"},{"url":"http://public2.vulnerablecode.io/api/packages/400849?format=json","purl":"pkg:nuget/DotNetNuke.Core@9.13.0-ci0000","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2d1y-21mg-9kdx"},{"vulnerability":"VCID-4wd1-t7cm-9yd2"},{"vulnerability":"VCID-6227-44sm-nkbb"},{"vulnerability":"VCID-as6z-jr8m-6kbm"},{"vulnerability":"VCID-axxm-bb71-33dj"},{"vulnerability":"VCID-c87b-2p6c-xqh8"},{"vulnerability":"VCID-epah-7729-rqba"},{"vulnerability":"VCID-f55k-m678-vbfr"},{"vulnerability":"VCID-fyxq-vtfm-s3ec"},{"vulnerability":"VCID-k89y-aedv-uugd"},{"vulnerability":"VCID-kwns-m3j3-8kb7"},{"vulnerability":"VCID-q3he-ta5n-hkec"},{"vulnerability":"VCID-q7dx-jb8e-wua4"},{"vulnerability":"VCID-smd5-xy65-jufc"},{"vulnerability":"VCID-trdq-rcjg-s7gy"},{"vulnerability":"VCID-wau9-knn5-vqbp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.13.0-ci0000"}],"aliases":["CVE-2020-5188","GHSA-vjcm-j85r-7p68"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tc3h-gp3h-euf9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/339688?format=json","vulnerability_id":"VCID-tfyx-ssz9-1qah","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-31858","reference_id":"","reference_type":"","scores":[{"value":"0.00234","scoring_system":"epss","scoring_elements":"0.46512","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00234","scoring_system":"epss","scoring_elements":"0.46657","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00234","scoring_system":"epss","scoring_elements":"0.46667","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00234","scoring_system":"epss","scoring_elements":"0.46653","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-31858"},{"reference_url":"https://labs.integrity.pt/advisories/cve-2021-31858/","reference_id":"CVE-2021-31858","reference_type":"","scores":[],"url":"https://labs.integrity.pt/advisories/cve-2021-31858/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-31858","reference_id":"CVE-2021-31858","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-31858"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/400849?format=json","purl":"pkg:nuget/DotNetNuke.Core@9.13.0-ci0000","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2d1y-21mg-9kdx"},{"vulnerability":"VCID-4wd1-t7cm-9yd2"},{"vulnerability":"VCID-6227-44sm-nkbb"},{"vulnerability":"VCID-as6z-jr8m-6kbm"},{"vulnerability":"VCID-axxm-bb71-33dj"},{"vulnerability":"VCID-c87b-2p6c-xqh8"},{"vulnerability":"VCID-epah-7729-rqba"},{"vulnerability":"VCID-f55k-m678-vbfr"},{"vulnerability":"VCID-fyxq-vtfm-s3ec"},{"vulnerability":"VCID-k89y-aedv-uugd"},{"vulnerability":"VCID-kwns-m3j3-8kb7"},{"vulnerability":"VCID-q3he-ta5n-hkec"},{"vulnerability":"VCID-q7dx-jb8e-wua4"},{"vulnerability":"VCID-smd5-xy65-jufc"},{"vulnerability":"VCID-trdq-rcjg-s7gy"},{"vulnerability":"VCID-wau9-knn5-vqbp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.13.0-ci0000"}],"aliases":["CVE-2021-31858"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tfyx-ssz9-1qah"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/101151?format=json","vulnerability_id":"VCID-trdq-rcjg-s7gy","summary":"DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.1.0, arbitrary themes can be loaded through query parameters. If an installed theme had a vulnerability, even if it was not used on any page, this could be loaded on unsuspecting clients without knowledge of the site owner. This issue has been patched in version 10.1.0.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-59535","reference_id":"","reference_type":"","scores":[{"value":"0.00126","scoring_system":"epss","scoring_elements":"0.31369","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00126","scoring_system":"epss","scoring_elements":"0.31561","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00126","scoring_system":"epss","scoring_elements":"0.31579","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-59535"},{"reference_url":"https://dnncommunity.org/?SkinSrc=%5BG%5Dskins%2Fxcillion%2Fhome&ContainerSrc=%5BG%5DContainers%2FXcillion%2FNoTitle","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://dnncommunity.org/?SkinSrc=%5BG%5Dskins%2Fxcillion%2Fhome&ContainerSrc=%5BG%5DContainers%2FXcillion%2FNoTitle"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dnnsoftware/Dnn.Platform"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-59535","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-59535"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform/commit/72f30f69fd2214d77f6c2577dfcca495a24caf5c","reference_id":"72f30f69fd2214d77f6c2577dfcca495a24caf5c","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-23T20:08:12Z/"}],"url":"https://github.com/dnnsoftware/Dnn.Platform/commit/72f30f69fd2214d77f6c2577dfcca495a24caf5c"},{"reference_url":"https://github.com/advisories/GHSA-wq2j-w9pm-7x2p","reference_id":"GHSA-wq2j-w9pm-7x2p","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wq2j-w9pm-7x2p"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-wq2j-w9pm-7x2p","reference_id":"GHSA-wq2j-w9pm-7x2p","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-23T20:08:12Z/"}],"url":"https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-wq2j-w9pm-7x2p"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform/blob/develop/DNN%20Platform/Library/UI/Skins/Skin.cs#L305","reference_id":"Skin.cs#L305","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-23T20:08:12Z/"}],"url":"https://github.com/dnnsoftware/Dnn.Platform/blob/develop/DNN%20Platform/Library/UI/Skins/Skin.cs#L305"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/376615?format=json","purl":"pkg:nuget/DotNetNuke.Core@10.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6227-44sm-nkbb"},{"vulnerability":"VCID-axxm-bb71-33dj"},{"vulnerability":"VCID-fyxq-vtfm-s3ec"},{"vulnerability":"VCID-k89y-aedv-uugd"},{"vulnerability":"VCID-kwns-m3j3-8kb7"},{"vulnerability":"VCID-q7dx-jb8e-wua4"},{"vulnerability":"VCID-smd5-xy65-jufc"},{"vulnerability":"VCID-wau9-knn5-vqbp"},{"vulnerability":"VCID-z9tg-26ja-c7hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@10.1.0"}],"aliases":["CVE-2025-59535","GHSA-wq2j-w9pm-7x2p"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-trdq-rcjg-s7gy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/329524?format=json","vulnerability_id":"VCID-w7dd-uzf2-d7au","summary":"","references":[{"reference_url":"http://packetstormsecurity.com/files/156489/DotNetNuke-CMS-9.4.4-Zip-Directory-Traversal.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://packetstormsecurity.com/files/156489/DotNetNuke-CMS-9.4.4-Zip-Directory-Traversal.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-5187","reference_id":"","reference_type":"","scores":[{"value":"0.00709","scoring_system":"epss","scoring_elements":"0.72682","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00709","scoring_system":"epss","scoring_elements":"0.72758","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00709","scoring_system":"epss","scoring_elements":"0.72774","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00709","scoring_system":"epss","scoring_elements":"0.72771","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-5187"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-5187","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-5187"},{"reference_url":"https://github.com/advisories/GHSA-4qf5-7xc2-wqpg","reference_id":"GHSA-4qf5-7xc2-wqpg","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4qf5-7xc2-wqpg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/385270?format=json","purl":"pkg:nuget/DotNetNuke.Core@9.5.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2d1y-21mg-9kdx"},{"vulnerability":"VCID-4wd1-t7cm-9yd2"},{"vulnerability":"VCID-6227-44sm-nkbb"},{"vulnerability":"VCID-76dr-n4fx-nud6"},{"vulnerability":"VCID-as6z-jr8m-6kbm"},{"vulnerability":"VCID-axxm-bb71-33dj"},{"vulnerability":"VCID-c87b-2p6c-xqh8"},{"vulnerability":"VCID-eaz6-q3m7-4bep"},{"vulnerability":"VCID-epah-7729-rqba"},{"vulnerability":"VCID-f55k-m678-vbfr"},{"vulnerability":"VCID-fyxq-vtfm-s3ec"},{"vulnerability":"VCID-gkac-w1q4-wfgw"},{"vulnerability":"VCID-k89y-aedv-uugd"},{"vulnerability":"VCID-kwns-m3j3-8kb7"},{"vulnerability":"VCID-q3he-ta5n-hkec"},{"vulnerability":"VCID-q7dx-jb8e-wua4"},{"vulnerability":"VCID-qcc1-r81m-7ud6"},{"vulnerability":"VCID-smd5-xy65-jufc"},{"vulnerability":"VCID-tfyx-ssz9-1qah"},{"vulnerability":"VCID-trdq-rcjg-s7gy"},{"vulnerability":"VCID-wau9-knn5-vqbp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.5.0"},{"url":"http://public2.vulnerablecode.io/api/packages/400849?format=json","purl":"pkg:nuget/DotNetNuke.Core@9.13.0-ci0000","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2d1y-21mg-9kdx"},{"vulnerability":"VCID-4wd1-t7cm-9yd2"},{"vulnerability":"VCID-6227-44sm-nkbb"},{"vulnerability":"VCID-as6z-jr8m-6kbm"},{"vulnerability":"VCID-axxm-bb71-33dj"},{"vulnerability":"VCID-c87b-2p6c-xqh8"},{"vulnerability":"VCID-epah-7729-rqba"},{"vulnerability":"VCID-f55k-m678-vbfr"},{"vulnerability":"VCID-fyxq-vtfm-s3ec"},{"vulnerability":"VCID-k89y-aedv-uugd"},{"vulnerability":"VCID-kwns-m3j3-8kb7"},{"vulnerability":"VCID-q3he-ta5n-hkec"},{"vulnerability":"VCID-q7dx-jb8e-wua4"},{"vulnerability":"VCID-smd5-xy65-jufc"},{"vulnerability":"VCID-trdq-rcjg-s7gy"},{"vulnerability":"VCID-wau9-knn5-vqbp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.13.0-ci0000"}],"aliases":["CVE-2020-5187","GHSA-4qf5-7xc2-wqpg"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w7dd-uzf2-d7au"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/159564?format=json","vulnerability_id":"VCID-xmh6-rwbu-c3bb","summary":"DNN (aka DotNetNuke) 9.2 through 9.2.2 uses a weak encryption algorithm to protect input parameters. NOTE: this issue exists because of an incomplete fix for CVE-2018-15811.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-18325","reference_id":"","reference_type":"","scores":[{"value":"0.92916","scoring_system":"epss","scoring_elements":"0.99783","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-18325"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dnnsoftware/Dnn.Platform"},{"reference_url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-18325","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-18325"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-18325","reference_id":"CVE-2018-18325","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-18325"},{"reference_url":"http://packetstormsecurity.com/files/157080/DotNetNuke-Cookie-Deserialization-Remote-Code-Execution.html","reference_id":"DotNetNuke-Cookie-Deserialization-Remote-Code-Execution.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-04T20:15:01Z/"}],"url":"http://packetstormsecurity.com/files/157080/DotNetNuke-Cookie-Deserialization-Remote-Code-Execution.html"},{"reference_url":"https://github.com/advisories/GHSA-j3g9-6fx5-gjv7","reference_id":"GHSA-j3g9-6fx5-gjv7","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-j3g9-6fx5-gjv7"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform/releases","reference_id":"releases","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-04T20:15:01Z/"}],"url":"https://github.com/dnnsoftware/Dnn.Platform/releases"},{"reference_url":"https://www.dnnsoftware.com/community/security/security-center","reference_id":"security-center","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-04T20:15:01Z/"}],"url":"https://www.dnnsoftware.com/community/security/security-center"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/15432?format=json","purl":"pkg:nuget/DotNetNuke.Core@9.3.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2d1y-21mg-9kdx"},{"vulnerability":"VCID-4wd1-t7cm-9yd2"},{"vulnerability":"VCID-6227-44sm-nkbb"},{"vulnerability":"VCID-76dr-n4fx-nud6"},{"vulnerability":"VCID-as6z-jr8m-6kbm"},{"vulnerability":"VCID-axxm-bb71-33dj"},{"vulnerability":"VCID-c87b-2p6c-xqh8"},{"vulnerability":"VCID-eaz6-q3m7-4bep"},{"vulnerability":"VCID-epah-7729-rqba"},{"vulnerability":"VCID-f55k-m678-vbfr"},{"vulnerability":"VCID-fyxq-vtfm-s3ec"},{"vulnerability":"VCID-gkac-w1q4-wfgw"},{"vulnerability":"VCID-hdzp-q5cp-uuf5"},{"vulnerability":"VCID-k89y-aedv-uugd"},{"vulnerability":"VCID-kwns-m3j3-8kb7"},{"vulnerability":"VCID-q3he-ta5n-hkec"},{"vulnerability":"VCID-q7dx-jb8e-wua4"},{"vulnerability":"VCID-smd5-xy65-jufc"},{"vulnerability":"VCID-tc3h-gp3h-euf9"},{"vulnerability":"VCID-tfyx-ssz9-1qah"},{"vulnerability":"VCID-trdq-rcjg-s7gy"},{"vulnerability":"VCID-w7dd-uzf2-d7au"},{"vulnerability":"VCID-wau9-knn5-vqbp"},{"vulnerability":"VCID-z31q-4wvb-gfhp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.3.0"}],"aliases":["CVE-2018-18325","GHSA-j3g9-6fx5-gjv7"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xmh6-rwbu-c3bb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/204257?format=json","vulnerability_id":"VCID-z31q-4wvb-gfhp","summary":"Stored Cross-Site Scripting vulnerability in admin component of DotNetNuke","references":[{"reference_url":"http://packetstormsecurity.com/files/154673/DotNetNuke-Cross-Site-Scripting.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://packetstormsecurity.com/files/154673/DotNetNuke-Cross-Site-Scripting.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12562","reference_id":"","reference_type":"","scores":[{"value":"0.38668","scoring_system":"epss","scoring_elements":"0.9735","published_at":"2026-06-11T12:55:00Z"},{"value":"0.38668","scoring_system":"epss","scoring_elements":"0.9736","published_at":"2026-06-14T12:55:00Z"},{"value":"0.38668","scoring_system":"epss","scoring_elements":"0.97358","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12562"},{"reference_url":"https://mayaseven.com/cve-2019-12562-stored-cross-site-scripting-in-dotnetnuke-dnn-version-v9-3-2","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://mayaseven.com/cve-2019-12562-stored-cross-site-scripting-in-dotnetnuke-dnn-version-v9-3-2"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/47448.py","reference_id":"CVE-2019-12562","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/47448.py"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12562","reference_id":"CVE-2019-12562","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12562"},{"reference_url":"https://mayaseven.com/cve-2019-12562-stored-cross-site-scripting-in-dotnetnuke-dnn-version-v9-3-2/","reference_id":"CVE-2019-12562-STORED-CROSS-SITE-SCRIPTING-IN-DOTNETNUKE-DNN-VERSION-V9-3-2","reference_type":"","scores":[],"url":"https://mayaseven.com/cve-2019-12562-stored-cross-site-scripting-in-dotnetnuke-dnn-version-v9-3-2/"},{"reference_url":"https://github.com/advisories/GHSA-5whq-j5qg-wjvp","reference_id":"GHSA-5whq-j5qg-wjvp","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5whq-j5qg-wjvp"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/15775?format=json","purl":"pkg:nuget/DotNetNuke.Core@9.4.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2d1y-21mg-9kdx"},{"vulnerability":"VCID-4wd1-t7cm-9yd2"},{"vulnerability":"VCID-6227-44sm-nkbb"},{"vulnerability":"VCID-76dr-n4fx-nud6"},{"vulnerability":"VCID-as6z-jr8m-6kbm"},{"vulnerability":"VCID-axxm-bb71-33dj"},{"vulnerability":"VCID-c87b-2p6c-xqh8"},{"vulnerability":"VCID-eaz6-q3m7-4bep"},{"vulnerability":"VCID-epah-7729-rqba"},{"vulnerability":"VCID-f55k-m678-vbfr"},{"vulnerability":"VCID-fyxq-vtfm-s3ec"},{"vulnerability":"VCID-gkac-w1q4-wfgw"},{"vulnerability":"VCID-hdzp-q5cp-uuf5"},{"vulnerability":"VCID-k89y-aedv-uugd"},{"vulnerability":"VCID-kwns-m3j3-8kb7"},{"vulnerability":"VCID-q3he-ta5n-hkec"},{"vulnerability":"VCID-q7dx-jb8e-wua4"},{"vulnerability":"VCID-smd5-xy65-jufc"},{"vulnerability":"VCID-tc3h-gp3h-euf9"},{"vulnerability":"VCID-tfyx-ssz9-1qah"},{"vulnerability":"VCID-trdq-rcjg-s7gy"},{"vulnerability":"VCID-w7dd-uzf2-d7au"},{"vulnerability":"VCID-wau9-knn5-vqbp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.4.0"}],"aliases":["CVE-2019-12562","GHSA-5whq-j5qg-wjvp"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-z31q-4wvb-gfhp"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/258428?format=json","vulnerability_id":"VCID-g1v2-vd5w-d7af","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-4514","reference_id":"","reference_type":"","scores":[{"value":"0.0278","scoring_system":"epss","scoring_elements":"0.86383","published_at":"2026-06-11T12:55:00Z"},{"value":"0.0278","scoring_system":"epss","scoring_elements":"0.86434","published_at":"2026-06-12T12:55:00Z"},{"value":"0.0278","scoring_system":"epss","scoring_elements":"0.86444","published_at":"2026-06-13T12:55:00Z"},{"value":"0.0278","scoring_system":"epss","scoring_elements":"0.86442","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-4514"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2010-4514","reference_id":"CVE-2010-4514","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2010-4514"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/asp/webapps/35045.txt","reference_id":"CVE-2010-4514;OSVDB-69686","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/asp/webapps/35045.txt"},{"reference_url":"https://www.securityfocus.com/bid/45180/info","reference_id":"CVE-2010-4514;OSVDB-69686","reference_type":"exploit","scores":[],"url":"https://www.securityfocus.com/bid/45180/info"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/387802?format=json","purl":"pkg:nuget/DotNetNuke.Core@6.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2d1y-21mg-9kdx"},{"vulnerability":"VCID-2wya-nj46-dff2"},{"vulnerability":"VCID-4wd1-t7cm-9yd2"},{"vulnerability":"VCID-5eqv-4vr8-9ug1"},{"vulnerability":"VCID-76dr-n4fx-nud6"},{"vulnerability":"VCID-8vft-tfmv-5qfr"},{"vulnerability":"VCID-9bhd-qqr2-1yhy"},{"vulnerability":"VCID-as6z-jr8m-6kbm"},{"vulnerability":"VCID-axxm-bb71-33dj"},{"vulnerability":"VCID-bmfr-jaur-3kfq"},{"vulnerability":"VCID-c87b-2p6c-xqh8"},{"vulnerability":"VCID-epah-7729-rqba"},{"vulnerability":"VCID-f55k-m678-vbfr"},{"vulnerability":"VCID-fyxq-vtfm-s3ec"},{"vulnerability":"VCID-gkac-w1q4-wfgw"},{"vulnerability":"VCID-hdzp-q5cp-uuf5"},{"vulnerability":"VCID-j6vd-2rnp-n7e5"},{"vulnerability":"VCID-jcyr-1pnk-e3er"},{"vulnerability":"VCID-kwns-m3j3-8kb7"},{"vulnerability":"VCID-q3he-ta5n-hkec"},{"vulnerability":"VCID-q3w4-ejd5-pqfz"},{"vulnerability":"VCID-q7dx-jb8e-wua4"},{"vulnerability":"VCID-qk9a-b246-tfeh"},{"vulnerability":"VCID-smd5-xy65-jufc"},{"vulnerability":"VCID-tc3h-gp3h-euf9"},{"vulnerability":"VCID-tfyx-ssz9-1qah"},{"vulnerability":"VCID-trdq-rcjg-s7gy"},{"vulnerability":"VCID-w7dd-uzf2-d7au"},{"vulnerability":"VCID-xmh6-rwbu-c3bb"},{"vulnerability":"VCID-z31q-4wvb-gfhp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@6.0.0"}],"aliases":["CVE-2010-4514"],"risk_score":null,"exploitability":"2.0","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g1v2-vd5w-d7af"}],"risk_score":"10.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@6.0.0"}