{"url":"http://public2.vulnerablecode.io/api/packages/56012?format=json","purl":"pkg:nuget/DotNetNuke.Core@9.2.0.366","type":"nuget","namespace":"","name":"DotNetNuke.Core","version":"9.2.0.366","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"10.2.2","latest_non_vulnerable_version":"10.2.2","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41152?format=json","vulnerability_id":"VCID-2dnh-g597-juce","summary":"Inadequate Encryption Strength in DotNetNuke\nDNN (aka DotNetNuke) 9.2 through 9.2.2 uses a weak encryption algorithm to protect input parameters. NOTE: this issue exists because of an incomplete fix for CVE-2018-15811.","references":[{"reference_url":"http://packetstormsecurity.com/files/157080/DotNetNuke-Cookie-Deserialization-Remote-Code-Execution.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-04T20:15:01Z/"}],"url":"http://packetstormsecurity.com/files/157080/DotNetNuke-Cookie-Deserialization-Remote-Code-Execution.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-18325","reference_id":"","reference_type":"","scores":[{"value":"0.92916","scoring_system":"epss","scoring_elements":"0.9978","published_at":"2026-06-04T12:55:00Z"},{"value":"0.92916","scoring_system":"epss","scoring_elements":"0.99781","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-18325"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dnnsoftware/Dnn.Platform"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform/releases","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-04T20:15:01Z/"}],"url":"https://github.com/dnnsoftware/Dnn.Platform/releases"},{"reference_url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-18325","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-18325"},{"reference_url":"https://www.dnnsoftware.com/community/security/security-center","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-04T20:15:01Z/"}],"url":"https://www.dnnsoftware.com/community/security/security-center"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-18325","reference_id":"CVE-2018-18325","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-18325"},{"reference_url":"https://github.com/advisories/GHSA-j3g9-6fx5-gjv7","reference_id":"GHSA-j3g9-6fx5-gjv7","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-j3g9-6fx5-gjv7"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/58274?format=json","purl":"pkg:nuget/DotNetNuke.Core@9.3.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3b3m-76g5-5kfm"},{"vulnerability":"VCID-3e7c-8uk1-ruch"},{"vulnerability":"VCID-7u59-m3nn-q3gj"},{"vulnerability":"VCID-cs7y-gg46-r3ca"},{"vulnerability":"VCID-e5pw-7tpb-qyb8"},{"vulnerability":"VCID-erck-k36n-2yd2"},{"vulnerability":"VCID-hdn9-z9eh-abfx"},{"vulnerability":"VCID-k8b8-4muv-gye5"},{"vulnerability":"VCID-ky3u-4syg-3yat"},{"vulnerability":"VCID-m5hg-ajyc-3qf1"},{"vulnerability":"VCID-m9cg-wd76-zqcy"},{"vulnerability":"VCID-msru-ycnu-zuhe"},{"vulnerability":"VCID-nn2y-9sk9-kugc"},{"vulnerability":"VCID-pnw1-8knr-7qhc"},{"vulnerability":"VCID-q3bw-2pvk-17dg"},{"vulnerability":"VCID-q97q-u1zk-rqhd"},{"vulnerability":"VCID-qscj-d21p-nfby"},{"vulnerability":"VCID-r799-28wr-23bu"},{"vulnerability":"VCID-s3s5-gwjg-rqgv"},{"vulnerability":"VCID-uc59-7c8z-6kbd"},{"vulnerability":"VCID-v7s2-8wh8-kydw"},{"vulnerability":"VCID-y61z-d6sj-qucc"},{"vulnerability":"VCID-y9ym-w5m9-e3bs"},{"vulnerability":"VCID-zfex-gefk-byfa"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.3.0"}],"aliases":["CVE-2018-18325","GHSA-j3g9-6fx5-gjv7"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2dnh-g597-juce"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/108945?format=json","vulnerability_id":"VCID-3b3m-76g5-5kfm","summary":"DNN vulnerable to Relative Path Traversal\nDNN (GitHub repository dnnsoftware/dnn.platform) prior to 9.11.0 is vulnerable to Relative Path Traversal. Version 9.11.0 contains a patch for this issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2922","reference_id":"","reference_type":"","scores":[{"value":"0.00453","scoring_system":"epss","scoring_elements":"0.64126","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00453","scoring_system":"epss","scoring_elements":"0.64135","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00453","scoring_system":"epss","scoring_elements":"0.64083","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2922"},{"reference_url":"https://github.com/dnnsoftware/dnn.platform","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dnnsoftware/dnn.platform"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform/commit/3697c5344cef8d49214230f0cc2efcd9e93a00a8","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dnnsoftware/Dnn.Platform/commit/3697c5344cef8d49214230f0cc2efcd9e93a00a8"},{"reference_url":"https://github.com/dnnsoftware/dnn.platform/commit/9b17351592fbde376506ba6705dbcc7a74a2a195","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-20T16:03:27Z/"}],"url":"https://github.com/dnnsoftware/dnn.platform/commit/9b17351592fbde376506ba6705dbcc7a74a2a195"},{"reference_url":"https://huntr.dev/bounties/74918f40-dc11-4218-abef-064eb71a0703","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-20T16:03:27Z/"}],"url":"https://huntr.dev/bounties/74918f40-dc11-4218-abef-064eb71a0703"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-2922","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-2922"},{"reference_url":"https://github.com/advisories/GHSA-9w72-2f23-57gm","reference_id":"GHSA-9w72-2f23-57gm","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9w72-2f23-57gm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/145123?format=json","purl":"pkg:nuget/DotNetNuke.Core@9.11.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7u59-m3nn-q3gj"},{"vulnerability":"VCID-cs7y-gg46-r3ca"},{"vulnerability":"VCID-e5pw-7tpb-qyb8"},{"vulnerability":"VCID-erck-k36n-2yd2"},{"vulnerability":"VCID-hdn9-z9eh-abfx"},{"vulnerability":"VCID-k8b8-4muv-gye5"},{"vulnerability":"VCID-m9cg-wd76-zqcy"},{"vulnerability":"VCID-msru-ycnu-zuhe"},{"vulnerability":"VCID-nn2y-9sk9-kugc"},{"vulnerability":"VCID-q3bw-2pvk-17dg"},{"vulnerability":"VCID-q97q-u1zk-rqhd"},{"vulnerability":"VCID-r799-28wr-23bu"},{"vulnerability":"VCID-s3s5-gwjg-rqgv"},{"vulnerability":"VCID-v7s2-8wh8-kydw"},{"vulnerability":"VCID-y61z-d6sj-qucc"},{"vulnerability":"VCID-zfex-gefk-byfa"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.11.0"}],"aliases":["CVE-2022-2922","GHSA-9w72-2f23-57gm"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3b3m-76g5-5kfm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/51854?format=json","vulnerability_id":"VCID-3e7c-8uk1-ruch","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nStored Cross-Site Scripting in DotNetNuke (DNN) allows remote attackers to store and embed the malicious script into the admin notification page. The exploit could be used to perfom any action with admin privileges such as managing content, adding users, uploading backdoors to the server, etc. Successful exploitation occurs when an admin user visits a notification page with stored cross-site scripting.","references":[{"reference_url":"http://packetstormsecurity.com/files/154673/DotNetNuke-Cross-Site-Scripting.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://packetstormsecurity.com/files/154673/DotNetNuke-Cross-Site-Scripting.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12562","reference_id":"","reference_type":"","scores":[{"value":"0.38668","scoring_system":"epss","scoring_elements":"0.97339","published_at":"2026-06-06T12:55:00Z"},{"value":"0.38668","scoring_system":"epss","scoring_elements":"0.97334","published_at":"2026-06-04T12:55:00Z"},{"value":"0.38668","scoring_system":"epss","scoring_elements":"0.97338","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12562"},{"reference_url":"https://mayaseven.com/cve-2019-12562-stored-cross-site-scripting-in-dotnetnuke-dnn-version-v9-3-2","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://mayaseven.com/cve-2019-12562-stored-cross-site-scripting-in-dotnetnuke-dnn-version-v9-3-2"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/47448.py","reference_id":"CVE-2019-12562","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/47448.py"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12562","reference_id":"CVE-2019-12562","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12562"},{"reference_url":"https://mayaseven.com/cve-2019-12562-stored-cross-site-scripting-in-dotnetnuke-dnn-version-v9-3-2/","reference_id":"CVE-2019-12562-STORED-CROSS-SITE-SCRIPTING-IN-DOTNETNUKE-DNN-VERSION-V9-3-2","reference_type":"","scores":[],"url":"https://mayaseven.com/cve-2019-12562-stored-cross-site-scripting-in-dotnetnuke-dnn-version-v9-3-2/"},{"reference_url":"https://github.com/advisories/GHSA-5whq-j5qg-wjvp","reference_id":"GHSA-5whq-j5qg-wjvp","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5whq-j5qg-wjvp"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/75993?format=json","purl":"pkg:nuget/DotNetNuke.Core@9.4.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3b3m-76g5-5kfm"},{"vulnerability":"VCID-7u59-m3nn-q3gj"},{"vulnerability":"VCID-cs7y-gg46-r3ca"},{"vulnerability":"VCID-e5pw-7tpb-qyb8"},{"vulnerability":"VCID-erck-k36n-2yd2"},{"vulnerability":"VCID-hdn9-z9eh-abfx"},{"vulnerability":"VCID-k8b8-4muv-gye5"},{"vulnerability":"VCID-ky3u-4syg-3yat"},{"vulnerability":"VCID-m5hg-ajyc-3qf1"},{"vulnerability":"VCID-m9cg-wd76-zqcy"},{"vulnerability":"VCID-msru-ycnu-zuhe"},{"vulnerability":"VCID-nn2y-9sk9-kugc"},{"vulnerability":"VCID-pnw1-8knr-7qhc"},{"vulnerability":"VCID-q3bw-2pvk-17dg"},{"vulnerability":"VCID-q97q-u1zk-rqhd"},{"vulnerability":"VCID-qscj-d21p-nfby"},{"vulnerability":"VCID-r799-28wr-23bu"},{"vulnerability":"VCID-s3s5-gwjg-rqgv"},{"vulnerability":"VCID-uc59-7c8z-6kbd"},{"vulnerability":"VCID-v7s2-8wh8-kydw"},{"vulnerability":"VCID-y61z-d6sj-qucc"},{"vulnerability":"VCID-y9ym-w5m9-e3bs"},{"vulnerability":"VCID-zfex-gefk-byfa"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.4.0"}],"aliases":["CVE-2019-12562","GHSA-5whq-j5qg-wjvp"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3e7c-8uk1-ruch"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/89773?format=json","vulnerability_id":"VCID-7u59-m3nn-q3gj","summary":"DotNetNuke.Core has stored cross-site-scripting (XSS) via SVG upload\nDNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.2.2, a user could upload a specially crafted SVG file that could include scripts that can target both authenticated and unauthenticated DNN users. The impact is increased if the scripts are run by a power user. Version 10.2.2 patches the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-40321","reference_id":"","reference_type":"","scores":[{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.0611","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.06122","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-40321"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dnnsoftware/Dnn.Platform"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform/releases/tag/v10.2.2","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-20T16:00:34Z/"}],"url":"https://github.com/dnnsoftware/Dnn.Platform/releases/tag/v10.2.2"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-ffq7-898w-9jc4","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-20T16:00:34Z/"}],"url":"https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-ffq7-898w-9jc4"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-40321","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-40321"},{"reference_url":"https://github.com/advisories/GHSA-ffq7-898w-9jc4","reference_id":"GHSA-ffq7-898w-9jc4","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-ffq7-898w-9jc4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/110262?format=json","purl":"pkg:nuget/DotNetNuke.Core@10.2.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@10.2.2"}],"aliases":["CVE-2026-40321","GHSA-ffq7-898w-9jc4"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7u59-m3nn-q3gj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/49885?format=json","vulnerability_id":"VCID-cs7y-gg46-r3ca","summary":"DotNetNuke.Core Vulnerable to Stored XSS in Scheduler LogNotes\nExtensions could write richtext in log notes which can include scripts that would run in the PersonaBar when displayed.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-24836","reference_id":"","reference_type":"","scores":[{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04161","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-24836"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dnnsoftware/Dnn.Platform"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24836","reference_id":"CVE-2026-24836","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24836"},{"reference_url":"https://github.com/advisories/GHSA-2g5g-hcgh-q3rp","reference_id":"GHSA-2g5g-hcgh-q3rp","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2g5g-hcgh-q3rp"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-2g5g-hcgh-q3rp","reference_id":"GHSA-2g5g-hcgh-q3rp","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H"},{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-28T21:04:00Z/"}],"url":"https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-2g5g-hcgh-q3rp"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/73660?format=json","purl":"pkg:nuget/DotNetNuke.Core@10.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-77qd-hb2k-8uam"},{"vulnerability":"VCID-7u59-m3nn-q3gj"},{"vulnerability":"VCID-k8b8-4muv-gye5"},{"vulnerability":"VCID-s3s5-gwjg-rqgv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@10.2.0"}],"aliases":["CVE-2026-24836","GHSA-2g5g-hcgh-q3rp"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cs7y-gg46-r3ca"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41151?format=json","vulnerability_id":"VCID-dnf9-9hrt-1qfx","summary":"Inadequate Encryption Strength in DotNetNuke\nDNN (aka DotNetNuke) 9.2 through 9.2.1 uses a weak encryption algorithm to protect input parameters.","references":[{"reference_url":"http://packetstormsecurity.com/files/157080/DotNetNuke-Cookie-Deserialization-Remote-Code-Execution.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-04T20:15:46Z/"}],"url":"http://packetstormsecurity.com/files/157080/DotNetNuke-Cookie-Deserialization-Remote-Code-Execution.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-15811","reference_id":"","reference_type":"","scores":[{"value":"0.92962","scoring_system":"epss","scoring_elements":"0.99784","published_at":"2026-06-04T12:55:00Z"},{"value":"0.92962","scoring_system":"epss","scoring_elements":"0.99785","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-15811"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform/releases","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-04T20:15:46Z/"}],"url":"https://github.com/dnnsoftware/Dnn.Platform/releases"},{"reference_url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-15811","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-15811"},{"reference_url":"https://www.dnnsoftware.com/community/security/security-center","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-04T20:15:46Z/"}],"url":"https://www.dnnsoftware.com/community/security/security-center"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-15811","reference_id":"CVE-2018-15811","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-15811"},{"reference_url":"https://github.com/advisories/GHSA-h595-8pw6-5q6v","reference_id":"GHSA-h595-8pw6-5q6v","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-h595-8pw6-5q6v"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/58277?format=json","purl":"pkg:nuget/DotNetNuke.Core@9.2.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-uk5d-ubkt-6fhn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.2.2"},{"url":"http://public2.vulnerablecode.io/api/packages/58274?format=json","purl":"pkg:nuget/DotNetNuke.Core@9.3.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3b3m-76g5-5kfm"},{"vulnerability":"VCID-3e7c-8uk1-ruch"},{"vulnerability":"VCID-7u59-m3nn-q3gj"},{"vulnerability":"VCID-cs7y-gg46-r3ca"},{"vulnerability":"VCID-e5pw-7tpb-qyb8"},{"vulnerability":"VCID-erck-k36n-2yd2"},{"vulnerability":"VCID-hdn9-z9eh-abfx"},{"vulnerability":"VCID-k8b8-4muv-gye5"},{"vulnerability":"VCID-ky3u-4syg-3yat"},{"vulnerability":"VCID-m5hg-ajyc-3qf1"},{"vulnerability":"VCID-m9cg-wd76-zqcy"},{"vulnerability":"VCID-msru-ycnu-zuhe"},{"vulnerability":"VCID-nn2y-9sk9-kugc"},{"vulnerability":"VCID-pnw1-8knr-7qhc"},{"vulnerability":"VCID-q3bw-2pvk-17dg"},{"vulnerability":"VCID-q97q-u1zk-rqhd"},{"vulnerability":"VCID-qscj-d21p-nfby"},{"vulnerability":"VCID-r799-28wr-23bu"},{"vulnerability":"VCID-s3s5-gwjg-rqgv"},{"vulnerability":"VCID-uc59-7c8z-6kbd"},{"vulnerability":"VCID-v7s2-8wh8-kydw"},{"vulnerability":"VCID-y61z-d6sj-qucc"},{"vulnerability":"VCID-y9ym-w5m9-e3bs"},{"vulnerability":"VCID-zfex-gefk-byfa"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.3.0"}],"aliases":["CVE-2018-15811","GHSA-h595-8pw6-5q6v"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dnf9-9hrt-1qfx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/48225?format=json","vulnerability_id":"VCID-e5pw-7tpb-qyb8","summary":"DNN vulnerable to stored cross-site-scripting (XSS) via SVG upload\nSanitization of the content of uploaded SVG files was not covering all possible XSS scenarios.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-64094","reference_id":"","reference_type":"","scores":[{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07548","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.0754","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-64094"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform","reference_id":"","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dnnsoftware/Dnn.Platform"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-64094","reference_id":"CVE-2025-64094","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-64094"},{"reference_url":"https://github.com/advisories/GHSA-hmvq-8p83-cq52","reference_id":"GHSA-hmvq-8p83-cq52","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hmvq-8p83-cq52"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-hmvq-8p83-cq52","reference_id":"GHSA-hmvq-8p83-cq52","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-29T14:51:54Z/"}],"url":"https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-hmvq-8p83-cq52"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71228?format=json","purl":"pkg:nuget/DotNetNuke.Core@10.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-77qd-hb2k-8uam"},{"vulnerability":"VCID-7u59-m3nn-q3gj"},{"vulnerability":"VCID-cs7y-gg46-r3ca"},{"vulnerability":"VCID-k8b8-4muv-gye5"},{"vulnerability":"VCID-q3bw-2pvk-17dg"},{"vulnerability":"VCID-q97q-u1zk-rqhd"},{"vulnerability":"VCID-r799-28wr-23bu"},{"vulnerability":"VCID-s3s5-gwjg-rqgv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@10.1.1"}],"aliases":["CVE-2025-64094","GHSA-hmvq-8p83-cq52"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e5pw-7tpb-qyb8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47830?format=json","vulnerability_id":"VCID-erck-k36n-2yd2","summary":"DNN allows loading unused themes on anonymous clients through query parameters\nArbitrary themes can be loaded through query parameters. If an installed theme had a vulnerability, even if it was not used on any page, this could be loaded on unsuspecting clients without knowledge of the site owner.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-59535","reference_id":"","reference_type":"","scores":[{"value":"0.00107","scoring_system":"epss","scoring_elements":"0.28453","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00107","scoring_system":"epss","scoring_elements":"0.28494","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-59535"},{"reference_url":"https://dnncommunity.org/?SkinSrc=%5BG%5Dskins%2Fxcillion%2Fhome&ContainerSrc=%5BG%5DContainers%2FXcillion%2FNoTitle","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://dnncommunity.org/?SkinSrc=%5BG%5Dskins%2Fxcillion%2Fhome&ContainerSrc=%5BG%5DContainers%2FXcillion%2FNoTitle"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dnnsoftware/Dnn.Platform"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform/blob/develop/DNN%20Platform/Library/UI/Skins/Skin.cs#L305","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-23T20:08:12Z/"}],"url":"https://github.com/dnnsoftware/Dnn.Platform/blob/develop/DNN%20Platform/Library/UI/Skins/Skin.cs#L305"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform/commit/72f30f69fd2214d77f6c2577dfcca495a24caf5c","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-23T20:08:12Z/"}],"url":"https://github.com/dnnsoftware/Dnn.Platform/commit/72f30f69fd2214d77f6c2577dfcca495a24caf5c"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-59535","reference_id":"CVE-2025-59535","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-59535"},{"reference_url":"https://github.com/advisories/GHSA-wq2j-w9pm-7x2p","reference_id":"GHSA-wq2j-w9pm-7x2p","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-wq2j-w9pm-7x2p"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-wq2j-w9pm-7x2p","reference_id":"GHSA-wq2j-w9pm-7x2p","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-23T20:08:12Z/"}],"url":"https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-wq2j-w9pm-7x2p"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/70574?format=json","purl":"pkg:nuget/DotNetNuke.Core@10.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-77qd-hb2k-8uam"},{"vulnerability":"VCID-7u59-m3nn-q3gj"},{"vulnerability":"VCID-cs7y-gg46-r3ca"},{"vulnerability":"VCID-e5pw-7tpb-qyb8"},{"vulnerability":"VCID-k8b8-4muv-gye5"},{"vulnerability":"VCID-q3bw-2pvk-17dg"},{"vulnerability":"VCID-q97q-u1zk-rqhd"},{"vulnerability":"VCID-r799-28wr-23bu"},{"vulnerability":"VCID-s3s5-gwjg-rqgv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@10.1.0"}],"aliases":["CVE-2025-59535","GHSA-wq2j-w9pm-7x2p"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-erck-k36n-2yd2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/57111?format=json","vulnerability_id":"VCID-hdn9-z9eh-abfx","summary":"DotNetNuke.Core Vulnerable to Server-Side Request Forgery (SSRF)\nA bypass has been identified for the previously known vulnerability CVE-2017-0929, allowing unauthenticated attackers to execute arbitrary GET requests against target systems, including internal or adjacent networks.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-32372","reference_id":"","reference_type":"","scores":[{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.27663","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.27715","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-32372"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dnnsoftware/Dnn.Platform"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform/commit/4721dd9eef846936d3b1a3676499e46968d15feb","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-09T15:39:52Z/"}],"url":"https://github.com/dnnsoftware/Dnn.Platform/commit/4721dd9eef846936d3b1a3676499e46968d15feb"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-32372","reference_id":"CVE-2025-32372","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-32372"},{"reference_url":"https://github.com/advisories/GHSA-3f7v-qx94-666m","reference_id":"GHSA-3f7v-qx94-666m","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-3f7v-qx94-666m"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-3f7v-qx94-666m","reference_id":"GHSA-3f7v-qx94-666m","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-09T15:39:52Z/"}],"url":"https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-3f7v-qx94-666m"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/84801?format=json","purl":"pkg:nuget/DotNetNuke.Core@9.13.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7u59-m3nn-q3gj"},{"vulnerability":"VCID-cs7y-gg46-r3ca"},{"vulnerability":"VCID-e5pw-7tpb-qyb8"},{"vulnerability":"VCID-erck-k36n-2yd2"},{"vulnerability":"VCID-k8b8-4muv-gye5"},{"vulnerability":"VCID-m9cg-wd76-zqcy"},{"vulnerability":"VCID-msru-ycnu-zuhe"},{"vulnerability":"VCID-nn2y-9sk9-kugc"},{"vulnerability":"VCID-q3bw-2pvk-17dg"},{"vulnerability":"VCID-q97q-u1zk-rqhd"},{"vulnerability":"VCID-r799-28wr-23bu"},{"vulnerability":"VCID-s3s5-gwjg-rqgv"},{"vulnerability":"VCID-v7s2-8wh8-kydw"},{"vulnerability":"VCID-y61z-d6sj-qucc"},{"vulnerability":"VCID-zfex-gefk-byfa"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.13.8"}],"aliases":["CVE-2025-32372","GHSA-3f7v-qx94-666m"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hdn9-z9eh-abfx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41144?format=json","vulnerability_id":"VCID-jw1r-pvtw-d3bz","summary":"Insufficient Entropy\nDNN (aka DotNetNuke) incorrectly converts encryption key source values, resulting in lower than expected entropy.","references":[{"reference_url":"http://packetstormsecurity.com/files/157080/DotNetNuke-Cookie-Deserialization-Remote-Code-Execution.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://packetstormsecurity.com/files/157080/DotNetNuke-Cookie-Deserialization-Remote-Code-Execution.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-15812","reference_id":"","reference_type":"","scores":[{"value":"0.79178","scoring_system":"epss","scoring_elements":"0.99091","published_at":"2026-06-06T12:55:00Z"},{"value":"0.79178","scoring_system":"epss","scoring_elements":"0.99089","published_at":"2026-06-04T12:55:00Z"},{"value":"0.79178","scoring_system":"epss","scoring_elements":"0.9909","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-15812"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform/releases","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dnnsoftware/Dnn.Platform/releases"},{"reference_url":"https://www.dnnsoftware.com/community/security/security-center","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.dnnsoftware.com/community/security/security-center"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-15812","reference_id":"CVE-2018-15812","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-15812"},{"reference_url":"https://github.com/advisories/GHSA-pf46-gqg9-j3v3","reference_id":"GHSA-pf46-gqg9-j3v3","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-pf46-gqg9-j3v3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/238555?format=json","purl":"pkg:nuget/DotNetNuke.Core@9.2.1.533","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2dnh-g597-juce"},{"vulnerability":"VCID-3b3m-76g5-5kfm"},{"vulnerability":"VCID-3e7c-8uk1-ruch"},{"vulnerability":"VCID-7u59-m3nn-q3gj"},{"vulnerability":"VCID-cs7y-gg46-r3ca"},{"vulnerability":"VCID-dnf9-9hrt-1qfx"},{"vulnerability":"VCID-e5pw-7tpb-qyb8"},{"vulnerability":"VCID-erck-k36n-2yd2"},{"vulnerability":"VCID-hdn9-z9eh-abfx"},{"vulnerability":"VCID-k8b8-4muv-gye5"},{"vulnerability":"VCID-ky3u-4syg-3yat"},{"vulnerability":"VCID-m5hg-ajyc-3qf1"},{"vulnerability":"VCID-m9cg-wd76-zqcy"},{"vulnerability":"VCID-msru-ycnu-zuhe"},{"vulnerability":"VCID-nn2y-9sk9-kugc"},{"vulnerability":"VCID-pnw1-8knr-7qhc"},{"vulnerability":"VCID-q3bw-2pvk-17dg"},{"vulnerability":"VCID-q97q-u1zk-rqhd"},{"vulnerability":"VCID-qscj-d21p-nfby"},{"vulnerability":"VCID-r799-28wr-23bu"},{"vulnerability":"VCID-s3s5-gwjg-rqgv"},{"vulnerability":"VCID-uc59-7c8z-6kbd"},{"vulnerability":"VCID-uk5d-ubkt-6fhn"},{"vulnerability":"VCID-v7s2-8wh8-kydw"},{"vulnerability":"VCID-y61z-d6sj-qucc"},{"vulnerability":"VCID-y9ym-w5m9-e3bs"},{"vulnerability":"VCID-zfex-gefk-byfa"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.2.1.533"},{"url":"http://public2.vulnerablecode.io/api/packages/58277?format=json","purl":"pkg:nuget/DotNetNuke.Core@9.2.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-uk5d-ubkt-6fhn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.2.2"},{"url":"http://public2.vulnerablecode.io/api/packages/58274?format=json","purl":"pkg:nuget/DotNetNuke.Core@9.3.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3b3m-76g5-5kfm"},{"vulnerability":"VCID-3e7c-8uk1-ruch"},{"vulnerability":"VCID-7u59-m3nn-q3gj"},{"vulnerability":"VCID-cs7y-gg46-r3ca"},{"vulnerability":"VCID-e5pw-7tpb-qyb8"},{"vulnerability":"VCID-erck-k36n-2yd2"},{"vulnerability":"VCID-hdn9-z9eh-abfx"},{"vulnerability":"VCID-k8b8-4muv-gye5"},{"vulnerability":"VCID-ky3u-4syg-3yat"},{"vulnerability":"VCID-m5hg-ajyc-3qf1"},{"vulnerability":"VCID-m9cg-wd76-zqcy"},{"vulnerability":"VCID-msru-ycnu-zuhe"},{"vulnerability":"VCID-nn2y-9sk9-kugc"},{"vulnerability":"VCID-pnw1-8knr-7qhc"},{"vulnerability":"VCID-q3bw-2pvk-17dg"},{"vulnerability":"VCID-q97q-u1zk-rqhd"},{"vulnerability":"VCID-qscj-d21p-nfby"},{"vulnerability":"VCID-r799-28wr-23bu"},{"vulnerability":"VCID-s3s5-gwjg-rqgv"},{"vulnerability":"VCID-uc59-7c8z-6kbd"},{"vulnerability":"VCID-v7s2-8wh8-kydw"},{"vulnerability":"VCID-y61z-d6sj-qucc"},{"vulnerability":"VCID-y9ym-w5m9-e3bs"},{"vulnerability":"VCID-zfex-gefk-byfa"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.3.0"}],"aliases":["CVE-2018-15812","GHSA-pf46-gqg9-j3v3"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jw1r-pvtw-d3bz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/90281?format=json","vulnerability_id":"VCID-k8b8-4muv-gye5","summary":"DNN: Force Friend Request Acceptance\nDNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Starting in version 6.0.0 and prior to version 10.2.2, in the friends feature, a user could craft a request that would force the acceptance of a friend request on another user. Version 10.2.2 patches the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-40305","reference_id":"","reference_type":"","scores":[{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10515","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10536","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-40305"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dnnsoftware/Dnn.Platform"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform/releases/tag/v10.2.2","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-20T13:22:45Z/"}],"url":"https://github.com/dnnsoftware/Dnn.Platform/releases/tag/v10.2.2"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-fpj4-9qhx-5m6m","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-20T13:22:45Z/"}],"url":"https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-fpj4-9qhx-5m6m"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-40305","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-40305"},{"reference_url":"https://github.com/advisories/GHSA-fpj4-9qhx-5m6m","reference_id":"GHSA-fpj4-9qhx-5m6m","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-fpj4-9qhx-5m6m"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/110262?format=json","purl":"pkg:nuget/DotNetNuke.Core@10.2.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@10.2.2"}],"aliases":["CVE-2026-40305","GHSA-fpj4-9qhx-5m6m"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k8b8-4muv-gye5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44931?format=json","vulnerability_id":"VCID-ky3u-4syg-3yat","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nAn arbitrary file upload vulnerability in the Digital Assets Manager module of DNN Corp DotNetNuke v7.0.0 to v9.10.2 allows attackers to execute arbitrary code via a crafted SVG file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-47053","reference_id":"","reference_type":"","scores":[{"value":"0.00738","scoring_system":"epss","scoring_elements":"0.73261","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00738","scoring_system":"epss","scoring_elements":"0.73224","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00738","scoring_system":"epss","scoring_elements":"0.73267","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-47053"},{"reference_url":"https://www.dnnsoftware.com/community/security/security-center","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T16:43:29Z/"}],"url":"https://www.dnnsoftware.com/community/security/security-center"},{"reference_url":"https://www.dnnsoftware.com/community/security/security-center#:~:text=XSS%20in%20Digital%20Asset%20Manager","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T16:43:29Z/"}],"url":"https://www.dnnsoftware.com/community/security/security-center#:~:text=XSS%20in%20Digital%20Asset%20Manager"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-47053","reference_id":"CVE-2022-47053","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-47053"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/145123?format=json","purl":"pkg:nuget/DotNetNuke.Core@9.11.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7u59-m3nn-q3gj"},{"vulnerability":"VCID-cs7y-gg46-r3ca"},{"vulnerability":"VCID-e5pw-7tpb-qyb8"},{"vulnerability":"VCID-erck-k36n-2yd2"},{"vulnerability":"VCID-hdn9-z9eh-abfx"},{"vulnerability":"VCID-k8b8-4muv-gye5"},{"vulnerability":"VCID-m9cg-wd76-zqcy"},{"vulnerability":"VCID-msru-ycnu-zuhe"},{"vulnerability":"VCID-nn2y-9sk9-kugc"},{"vulnerability":"VCID-q3bw-2pvk-17dg"},{"vulnerability":"VCID-q97q-u1zk-rqhd"},{"vulnerability":"VCID-r799-28wr-23bu"},{"vulnerability":"VCID-s3s5-gwjg-rqgv"},{"vulnerability":"VCID-v7s2-8wh8-kydw"},{"vulnerability":"VCID-y61z-d6sj-qucc"},{"vulnerability":"VCID-zfex-gefk-byfa"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.11.0"}],"aliases":["CVE-2022-47053"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ky3u-4syg-3yat"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/52287?format=json","vulnerability_id":"VCID-m5hg-ajyc-3qf1","summary":"Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')\nDNN (formerly DotNetNuke) allows Path Traversal.","references":[{"reference_url":"http://packetstormsecurity.com/files/156489/DotNetNuke-CMS-9.4.4-Zip-Directory-Traversal.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://packetstormsecurity.com/files/156489/DotNetNuke-CMS-9.4.4-Zip-Directory-Traversal.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-5187","reference_id":"","reference_type":"","scores":[{"value":"0.00709","scoring_system":"epss","scoring_elements":"0.72638","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00709","scoring_system":"epss","scoring_elements":"0.72631","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00709","scoring_system":"epss","scoring_elements":"0.72591","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-5187"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform/releases","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dnnsoftware/Dnn.Platform/releases"},{"reference_url":"https://medium.com/@SajjadPourali/dnn-dotnetnuke-cms-not-as-secure-as-you-think-e8516f789175","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://medium.com/@SajjadPourali/dnn-dotnetnuke-cms-not-as-secure-as-you-think-e8516f789175"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-5187","reference_id":"CVE-2020-5187","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-5187"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/76732?format=json","purl":"pkg:nuget/DotNetNuke.Core@9.5.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3b3m-76g5-5kfm"},{"vulnerability":"VCID-7u59-m3nn-q3gj"},{"vulnerability":"VCID-cs7y-gg46-r3ca"},{"vulnerability":"VCID-e5pw-7tpb-qyb8"},{"vulnerability":"VCID-erck-k36n-2yd2"},{"vulnerability":"VCID-hdn9-z9eh-abfx"},{"vulnerability":"VCID-k8b8-4muv-gye5"},{"vulnerability":"VCID-kcww-jwz6-97fa"},{"vulnerability":"VCID-ky3u-4syg-3yat"},{"vulnerability":"VCID-m9cg-wd76-zqcy"},{"vulnerability":"VCID-msru-ycnu-zuhe"},{"vulnerability":"VCID-nn2y-9sk9-kugc"},{"vulnerability":"VCID-pnw1-8knr-7qhc"},{"vulnerability":"VCID-q3bw-2pvk-17dg"},{"vulnerability":"VCID-q97q-u1zk-rqhd"},{"vulnerability":"VCID-r799-28wr-23bu"},{"vulnerability":"VCID-s3s5-gwjg-rqgv"},{"vulnerability":"VCID-uc59-7c8z-6kbd"},{"vulnerability":"VCID-v7s2-8wh8-kydw"},{"vulnerability":"VCID-y61z-d6sj-qucc"},{"vulnerability":"VCID-zfex-gefk-byfa"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.5.0"},{"url":"http://public2.vulnerablecode.io/api/packages/198370?format=json","purl":"pkg:nuget/DotNetNuke.Core@9.13.0-ci0000","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7u59-m3nn-q3gj"},{"vulnerability":"VCID-cs7y-gg46-r3ca"},{"vulnerability":"VCID-e5pw-7tpb-qyb8"},{"vulnerability":"VCID-erck-k36n-2yd2"},{"vulnerability":"VCID-hdn9-z9eh-abfx"},{"vulnerability":"VCID-k8b8-4muv-gye5"},{"vulnerability":"VCID-m9cg-wd76-zqcy"},{"vulnerability":"VCID-msru-ycnu-zuhe"},{"vulnerability":"VCID-nn2y-9sk9-kugc"},{"vulnerability":"VCID-q3bw-2pvk-17dg"},{"vulnerability":"VCID-q97q-u1zk-rqhd"},{"vulnerability":"VCID-r799-28wr-23bu"},{"vulnerability":"VCID-s3s5-gwjg-rqgv"},{"vulnerability":"VCID-v7s2-8wh8-kydw"},{"vulnerability":"VCID-y61z-d6sj-qucc"},{"vulnerability":"VCID-zfex-gefk-byfa"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.13.0-ci0000"}],"aliases":["CVE-2020-5187","GHSA-4qf5-7xc2-wqpg"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m5hg-ajyc-3qf1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47823?format=json","vulnerability_id":"VCID-m9cg-wd76-zqcy","summary":"Duplicate\nThis advisory duplicates another.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-59539","reference_id":"","reference_type":"","scores":[{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.08259","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.08247","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-59539"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dnnsoftware/Dnn.Platform"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-59539","reference_id":"CVE-2025-59539","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-59539"},{"reference_url":"https://github.com/advisories/GHSA-7rcc-q6rq-jpcm","reference_id":"GHSA-7rcc-q6rq-jpcm","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-7rcc-q6rq-jpcm"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-7rcc-q6rq-jpcm","reference_id":"GHSA-7rcc-q6rq-jpcm","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-23T18:30:23Z/"}],"url":"https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-7rcc-q6rq-jpcm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/70574?format=json","purl":"pkg:nuget/DotNetNuke.Core@10.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-77qd-hb2k-8uam"},{"vulnerability":"VCID-7u59-m3nn-q3gj"},{"vulnerability":"VCID-cs7y-gg46-r3ca"},{"vulnerability":"VCID-e5pw-7tpb-qyb8"},{"vulnerability":"VCID-k8b8-4muv-gye5"},{"vulnerability":"VCID-q3bw-2pvk-17dg"},{"vulnerability":"VCID-q97q-u1zk-rqhd"},{"vulnerability":"VCID-r799-28wr-23bu"},{"vulnerability":"VCID-s3s5-gwjg-rqgv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@10.1.0"}],"aliases":["CVE-2025-59539","GHSA-7rcc-q6rq-jpcm"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m9cg-wd76-zqcy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47837?format=json","vulnerability_id":"VCID-msru-ycnu-zuhe","summary":"DNN Vulnerable to Stored Cross-Site Scripting (XSS) in the Prompt module\nThe Prompt module allows execution of commands that can return raw HTML. Malicious input, even if sanitized for display elsewhere, can be executed when processed through certain commands, leading to potential script execution (XSS).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-59545","reference_id":"","reference_type":"","scores":[{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.2186","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21872","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-59545"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform","reference_id":"","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dnnsoftware/Dnn.Platform"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-59545","reference_id":"CVE-2025-59545","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-59545"},{"reference_url":"https://github.com/advisories/GHSA-2qxc-mf4x-wr29","reference_id":"GHSA-2qxc-mf4x-wr29","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2qxc-mf4x-wr29"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-2qxc-mf4x-wr29","reference_id":"GHSA-2qxc-mf4x-wr29","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-23T18:30:12Z/"}],"url":"https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-2qxc-mf4x-wr29"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/70574?format=json","purl":"pkg:nuget/DotNetNuke.Core@10.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-77qd-hb2k-8uam"},{"vulnerability":"VCID-7u59-m3nn-q3gj"},{"vulnerability":"VCID-cs7y-gg46-r3ca"},{"vulnerability":"VCID-e5pw-7tpb-qyb8"},{"vulnerability":"VCID-k8b8-4muv-gye5"},{"vulnerability":"VCID-q3bw-2pvk-17dg"},{"vulnerability":"VCID-q97q-u1zk-rqhd"},{"vulnerability":"VCID-r799-28wr-23bu"},{"vulnerability":"VCID-s3s5-gwjg-rqgv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@10.1.0"}],"aliases":["CVE-2025-59545","GHSA-2qxc-mf4x-wr29"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-msru-ycnu-zuhe"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/57341?format=json","vulnerability_id":"VCID-nn2y-9sk9-kugc","summary":"DNN allows Stored Cross-Site Scripting (XSS) with svg files rendered inline\nUploaded SVG files could contain scripts and if rendered inline those scripts could run allowing XSS attacks.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-48378","reference_id":"","reference_type":"","scores":[{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17667","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17673","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-48378"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dnnsoftware/Dnn.Platform"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform/commit/cfed83c291d5e5072b2fa70924a8b7c35b1cdf9e","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-23T16:00:53Z/"}],"url":"https://github.com/dnnsoftware/Dnn.Platform/commit/cfed83c291d5e5072b2fa70924a8b7c35b1cdf9e"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-48378","reference_id":"CVE-2025-48378","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-48378"},{"reference_url":"https://github.com/advisories/GHSA-m4hf-fxcg-cp34","reference_id":"GHSA-m4hf-fxcg-cp34","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-m4hf-fxcg-cp34"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-m4hf-fxcg-cp34","reference_id":"GHSA-m4hf-fxcg-cp34","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-23T16:00:53Z/"}],"url":"https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-m4hf-fxcg-cp34"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/73694?format=json","purl":"pkg:nuget/DotNetNuke.Core@9.13.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7u59-m3nn-q3gj"},{"vulnerability":"VCID-cs7y-gg46-r3ca"},{"vulnerability":"VCID-e5pw-7tpb-qyb8"},{"vulnerability":"VCID-erck-k36n-2yd2"},{"vulnerability":"VCID-k8b8-4muv-gye5"},{"vulnerability":"VCID-m9cg-wd76-zqcy"},{"vulnerability":"VCID-msru-ycnu-zuhe"},{"vulnerability":"VCID-q3bw-2pvk-17dg"},{"vulnerability":"VCID-q97q-u1zk-rqhd"},{"vulnerability":"VCID-r799-28wr-23bu"},{"vulnerability":"VCID-s3s5-gwjg-rqgv"},{"vulnerability":"VCID-y61z-d6sj-qucc"},{"vulnerability":"VCID-zfex-gefk-byfa"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.13.9"}],"aliases":["CVE-2025-48378","GHSA-m4hf-fxcg-cp34"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nn2y-9sk9-kugc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/247801?format=json","vulnerability_id":"VCID-pnw1-8knr-7qhc","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-40186","reference_id":"","reference_type":"","scores":[{"value":"0.00311","scoring_system":"epss","scoring_elements":"0.54618","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00311","scoring_system":"epss","scoring_elements":"0.54676","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00311","scoring_system":"epss","scoring_elements":"0.54687","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-40186"},{"reference_url":"https://appcheck-ng.com/dnn-cms-server-side-request-forgery-cve-2021-40186","reference_id":"","reference_type":"","scores":[],"url":"https://appcheck-ng.com/dnn-cms-server-side-request-forgery-cve-2021-40186"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-40186","reference_id":"CVE-2021-40186","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-40186"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/198370?format=json","purl":"pkg:nuget/DotNetNuke.Core@9.13.0-ci0000","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7u59-m3nn-q3gj"},{"vulnerability":"VCID-cs7y-gg46-r3ca"},{"vulnerability":"VCID-e5pw-7tpb-qyb8"},{"vulnerability":"VCID-erck-k36n-2yd2"},{"vulnerability":"VCID-hdn9-z9eh-abfx"},{"vulnerability":"VCID-k8b8-4muv-gye5"},{"vulnerability":"VCID-m9cg-wd76-zqcy"},{"vulnerability":"VCID-msru-ycnu-zuhe"},{"vulnerability":"VCID-nn2y-9sk9-kugc"},{"vulnerability":"VCID-q3bw-2pvk-17dg"},{"vulnerability":"VCID-q97q-u1zk-rqhd"},{"vulnerability":"VCID-r799-28wr-23bu"},{"vulnerability":"VCID-s3s5-gwjg-rqgv"},{"vulnerability":"VCID-v7s2-8wh8-kydw"},{"vulnerability":"VCID-y61z-d6sj-qucc"},{"vulnerability":"VCID-zfex-gefk-byfa"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.13.0-ci0000"}],"aliases":["CVE-2021-40186"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pnw1-8knr-7qhc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/49880?format=json","vulnerability_id":"VCID-q3bw-2pvk-17dg","summary":"DotNetNuke.Core Vulnerable to Stored XSS in Module Deletion Confirmation Modal\nA module friendly name could include scripts that will run during some module operations in the Persona Bar.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-24837","reference_id":"","reference_type":"","scores":[{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04161","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-24837"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dnnsoftware/Dnn.Platform"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24837","reference_id":"CVE-2026-24837","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24837"},{"reference_url":"https://github.com/advisories/GHSA-vm5q-8qww-h238","reference_id":"GHSA-vm5q-8qww-h238","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vm5q-8qww-h238"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-vm5q-8qww-h238","reference_id":"GHSA-vm5q-8qww-h238","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H"},{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-28T21:02:52Z/"}],"url":"https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-vm5q-8qww-h238"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/73660?format=json","purl":"pkg:nuget/DotNetNuke.Core@10.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-77qd-hb2k-8uam"},{"vulnerability":"VCID-7u59-m3nn-q3gj"},{"vulnerability":"VCID-k8b8-4muv-gye5"},{"vulnerability":"VCID-s3s5-gwjg-rqgv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@10.2.0"}],"aliases":["CVE-2026-24837","GHSA-vm5q-8qww-h238"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q3bw-2pvk-17dg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/49878?format=json","vulnerability_id":"VCID-q97q-u1zk-rqhd","summary":"DotNetNuke.Core has a potential XSS vulnerability in modules' header and footer\nA content editor could inject scripts in module headers/footers that would run for other users.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-24784","reference_id":"","reference_type":"","scores":[{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.17192","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.17196","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-24784"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dnnsoftware/Dnn.Platform"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24784","reference_id":"CVE-2026-24784","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24784"},{"reference_url":"https://github.com/advisories/GHSA-jjwg-4948-6wxp","reference_id":"GHSA-jjwg-4948-6wxp","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jjwg-4948-6wxp"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-jjwg-4948-6wxp","reference_id":"GHSA-jjwg-4948-6wxp","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-28T15:06:32Z/"}],"url":"https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-jjwg-4948-6wxp"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/73659?format=json","purl":"pkg:nuget/DotNetNuke.Core@9.13.10","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.13.10"},{"url":"http://public2.vulnerablecode.io/api/packages/73660?format=json","purl":"pkg:nuget/DotNetNuke.Core@10.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-77qd-hb2k-8uam"},{"vulnerability":"VCID-7u59-m3nn-q3gj"},{"vulnerability":"VCID-k8b8-4muv-gye5"},{"vulnerability":"VCID-s3s5-gwjg-rqgv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@10.2.0"}],"aliases":["CVE-2026-24784","GHSA-jjwg-4948-6wxp"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q97q-u1zk-rqhd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/52279?format=json","vulnerability_id":"VCID-qscj-d21p-nfby","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nDNN (formerly DotNetNuke) allows XSS.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-5186","reference_id":"","reference_type":"","scores":[{"value":"0.00353","scoring_system":"epss","scoring_elements":"0.57934","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00353","scoring_system":"epss","scoring_elements":"0.57994","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00353","scoring_system":"epss","scoring_elements":"0.57986","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-5186"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform/releases","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/dnnsoftware/Dnn.Platform/releases"},{"reference_url":"https://medium.com/@SajjadPourali/dnn-dotnetnuke-cms-not-as-secure-as-you-think-e8516f789175","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://medium.com/@SajjadPourali/dnn-dotnetnuke-cms-not-as-secure-as-you-think-e8516f789175"},{"reference_url":"https://packetstormsecurity.com/files/156483/DotNetNuke-CMS-9.5.0-Cross-Site-Scripting.html","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://packetstormsecurity.com/files/156483/DotNetNuke-CMS-9.5.0-Cross-Site-Scripting.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-5186","reference_id":"CVE-2020-5186","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-5186"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/76732?format=json","purl":"pkg:nuget/DotNetNuke.Core@9.5.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3b3m-76g5-5kfm"},{"vulnerability":"VCID-7u59-m3nn-q3gj"},{"vulnerability":"VCID-cs7y-gg46-r3ca"},{"vulnerability":"VCID-e5pw-7tpb-qyb8"},{"vulnerability":"VCID-erck-k36n-2yd2"},{"vulnerability":"VCID-hdn9-z9eh-abfx"},{"vulnerability":"VCID-k8b8-4muv-gye5"},{"vulnerability":"VCID-kcww-jwz6-97fa"},{"vulnerability":"VCID-ky3u-4syg-3yat"},{"vulnerability":"VCID-m9cg-wd76-zqcy"},{"vulnerability":"VCID-msru-ycnu-zuhe"},{"vulnerability":"VCID-nn2y-9sk9-kugc"},{"vulnerability":"VCID-pnw1-8knr-7qhc"},{"vulnerability":"VCID-q3bw-2pvk-17dg"},{"vulnerability":"VCID-q97q-u1zk-rqhd"},{"vulnerability":"VCID-r799-28wr-23bu"},{"vulnerability":"VCID-s3s5-gwjg-rqgv"},{"vulnerability":"VCID-uc59-7c8z-6kbd"},{"vulnerability":"VCID-v7s2-8wh8-kydw"},{"vulnerability":"VCID-y61z-d6sj-qucc"},{"vulnerability":"VCID-zfex-gefk-byfa"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.5.0"},{"url":"http://public2.vulnerablecode.io/api/packages/198370?format=json","purl":"pkg:nuget/DotNetNuke.Core@9.13.0-ci0000","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7u59-m3nn-q3gj"},{"vulnerability":"VCID-cs7y-gg46-r3ca"},{"vulnerability":"VCID-e5pw-7tpb-qyb8"},{"vulnerability":"VCID-erck-k36n-2yd2"},{"vulnerability":"VCID-hdn9-z9eh-abfx"},{"vulnerability":"VCID-k8b8-4muv-gye5"},{"vulnerability":"VCID-m9cg-wd76-zqcy"},{"vulnerability":"VCID-msru-ycnu-zuhe"},{"vulnerability":"VCID-nn2y-9sk9-kugc"},{"vulnerability":"VCID-q3bw-2pvk-17dg"},{"vulnerability":"VCID-q97q-u1zk-rqhd"},{"vulnerability":"VCID-r799-28wr-23bu"},{"vulnerability":"VCID-s3s5-gwjg-rqgv"},{"vulnerability":"VCID-v7s2-8wh8-kydw"},{"vulnerability":"VCID-y61z-d6sj-qucc"},{"vulnerability":"VCID-zfex-gefk-byfa"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.13.0-ci0000"}],"aliases":["CVE-2020-5186","GHSA-9phr-h5mx-4fp6"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qscj-d21p-nfby"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/49871?format=json","vulnerability_id":"VCID-r799-28wr-23bu","summary":"DotNetNuke.Core Vulnerable to Stored XSS via Module Title\nModule title supports richtext which could include scripts that would execute in certain scenarios.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-24838","reference_id":"","reference_type":"","scores":[{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17496","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.175","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-24838"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dnnsoftware/Dnn.Platform"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform/commit/4a4bcbcdf3cedbf702816f8168c4d51bf688f7f6","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dnnsoftware/Dnn.Platform/commit/4a4bcbcdf3cedbf702816f8168c4d51bf688f7f6"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform/releases/tag/v10.2.0","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dnnsoftware/Dnn.Platform/releases/tag/v10.2.0"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24838","reference_id":"CVE-2026-24838","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24838"},{"reference_url":"https://github.com/advisories/GHSA-w9pf-h6m6-v89h","reference_id":"GHSA-w9pf-h6m6-v89h","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-w9pf-h6m6-v89h"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-w9pf-h6m6-v89h","reference_id":"GHSA-w9pf-h6m6-v89h","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-28T15:03:11Z/"}],"url":"https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-w9pf-h6m6-v89h"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/73659?format=json","purl":"pkg:nuget/DotNetNuke.Core@9.13.10","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.13.10"},{"url":"http://public2.vulnerablecode.io/api/packages/73660?format=json","purl":"pkg:nuget/DotNetNuke.Core@10.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-77qd-hb2k-8uam"},{"vulnerability":"VCID-7u59-m3nn-q3gj"},{"vulnerability":"VCID-k8b8-4muv-gye5"},{"vulnerability":"VCID-s3s5-gwjg-rqgv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@10.2.0"}],"aliases":["CVE-2026-24838","GHSA-w9pf-h6m6-v89h"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-r799-28wr-23bu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/90191?format=json","vulnerability_id":"VCID-s3s5-gwjg-rqgv","summary":"DotNetNuke.Core security code analysis rules triggered\nThe codebase raises code analysis warnings related to security, including CA3075, CA5366, CA5371, CA5368, CA5369, CA5372, CA5379, CA5350, and CA5351.\n\nMost of these deal with disabling DTD processing in XML documents, but also includes cryptographic algorithm choices.","references":[{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dnnsoftware/Dnn.Platform"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-fcpv-w245-r2q7","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-fcpv-w245-r2q7"},{"reference_url":"https://github.com/advisories/GHSA-fcpv-w245-r2q7","reference_id":"GHSA-fcpv-w245-r2q7","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-fcpv-w245-r2q7"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/110262?format=json","purl":"pkg:nuget/DotNetNuke.Core@10.2.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@10.2.2"}],"aliases":["GHSA-fcpv-w245-r2q7"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s3s5-gwjg-rqgv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/243329?format=json","vulnerability_id":"VCID-uc59-7c8z-6kbd","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-31858","reference_id":"","reference_type":"","scores":[{"value":"0.00234","scoring_system":"epss","scoring_elements":"0.46422","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00234","scoring_system":"epss","scoring_elements":"0.46488","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00234","scoring_system":"epss","scoring_elements":"0.4649","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-31858"},{"reference_url":"https://www.dnnsoftware.com/community/security/security-center","reference_id":"","reference_type":"","scores":[],"url":"https://www.dnnsoftware.com/community/security/security-center"},{"reference_url":"https://labs.integrity.pt/advisories/cve-2021-31858/","reference_id":"CVE-2021-31858","reference_type":"","scores":[],"url":"https://labs.integrity.pt/advisories/cve-2021-31858/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-31858","reference_id":"CVE-2021-31858","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-31858"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/198370?format=json","purl":"pkg:nuget/DotNetNuke.Core@9.13.0-ci0000","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7u59-m3nn-q3gj"},{"vulnerability":"VCID-cs7y-gg46-r3ca"},{"vulnerability":"VCID-e5pw-7tpb-qyb8"},{"vulnerability":"VCID-erck-k36n-2yd2"},{"vulnerability":"VCID-hdn9-z9eh-abfx"},{"vulnerability":"VCID-k8b8-4muv-gye5"},{"vulnerability":"VCID-m9cg-wd76-zqcy"},{"vulnerability":"VCID-msru-ycnu-zuhe"},{"vulnerability":"VCID-nn2y-9sk9-kugc"},{"vulnerability":"VCID-q3bw-2pvk-17dg"},{"vulnerability":"VCID-q97q-u1zk-rqhd"},{"vulnerability":"VCID-r799-28wr-23bu"},{"vulnerability":"VCID-s3s5-gwjg-rqgv"},{"vulnerability":"VCID-v7s2-8wh8-kydw"},{"vulnerability":"VCID-y61z-d6sj-qucc"},{"vulnerability":"VCID-zfex-gefk-byfa"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.13.0-ci0000"}],"aliases":["CVE-2021-31858"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uc59-7c8z-6kbd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41147?format=json","vulnerability_id":"VCID-uk5d-ubkt-6fhn","summary":"Insufficient Entropy\nDNN (aka DotNetNuke) incorrectly converts encryption key source values, resulting in lower than expected entropy. NOTE: this issue exists because of an incomplete fix for CVE-2018-15812.","references":[{"reference_url":"http://packetstormsecurity.com/files/157080/DotNetNuke-Cookie-Deserialization-Remote-Code-Execution.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://packetstormsecurity.com/files/157080/DotNetNuke-Cookie-Deserialization-Remote-Code-Execution.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-18326","reference_id":"","reference_type":"","scores":[{"value":"0.75829","scoring_system":"epss","scoring_elements":"0.9893","published_at":"2026-06-06T12:55:00Z"},{"value":"0.75829","scoring_system":"epss","scoring_elements":"0.98927","published_at":"2026-06-04T12:55:00Z"},{"value":"0.75829","scoring_system":"epss","scoring_elements":"0.98929","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-18326"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform/releases","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dnnsoftware/Dnn.Platform/releases"},{"reference_url":"https://www.dnnsoftware.com/community/security/security-center","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.dnnsoftware.com/community/security/security-center"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-18326","reference_id":"CVE-2018-18326","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-18326"},{"reference_url":"https://github.com/advisories/GHSA-xx3h-j3cx-8qfj","reference_id":"GHSA-xx3h-j3cx-8qfj","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xx3h-j3cx-8qfj"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/58274?format=json","purl":"pkg:nuget/DotNetNuke.Core@9.3.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3b3m-76g5-5kfm"},{"vulnerability":"VCID-3e7c-8uk1-ruch"},{"vulnerability":"VCID-7u59-m3nn-q3gj"},{"vulnerability":"VCID-cs7y-gg46-r3ca"},{"vulnerability":"VCID-e5pw-7tpb-qyb8"},{"vulnerability":"VCID-erck-k36n-2yd2"},{"vulnerability":"VCID-hdn9-z9eh-abfx"},{"vulnerability":"VCID-k8b8-4muv-gye5"},{"vulnerability":"VCID-ky3u-4syg-3yat"},{"vulnerability":"VCID-m5hg-ajyc-3qf1"},{"vulnerability":"VCID-m9cg-wd76-zqcy"},{"vulnerability":"VCID-msru-ycnu-zuhe"},{"vulnerability":"VCID-nn2y-9sk9-kugc"},{"vulnerability":"VCID-pnw1-8knr-7qhc"},{"vulnerability":"VCID-q3bw-2pvk-17dg"},{"vulnerability":"VCID-q97q-u1zk-rqhd"},{"vulnerability":"VCID-qscj-d21p-nfby"},{"vulnerability":"VCID-r799-28wr-23bu"},{"vulnerability":"VCID-s3s5-gwjg-rqgv"},{"vulnerability":"VCID-uc59-7c8z-6kbd"},{"vulnerability":"VCID-v7s2-8wh8-kydw"},{"vulnerability":"VCID-y61z-d6sj-qucc"},{"vulnerability":"VCID-y9ym-w5m9-e3bs"},{"vulnerability":"VCID-zfex-gefk-byfa"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.3.0"}],"aliases":["CVE-2018-18326","GHSA-xx3h-j3cx-8qfj"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uk5d-ubkt-6fhn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/57339?format=json","vulnerability_id":"VCID-v7s2-8wh8-kydw","summary":"Reflected Cross-Site Scripting (XSS) in module actions in edit mode\nA specially crafted URL may be constructed which can inject an XSS payload that is triggered by using some module actions.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-48377","reference_id":"","reference_type":"","scores":[{"value":"0.00141","scoring_system":"epss","scoring_elements":"0.33988","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00141","scoring_system":"epss","scoring_elements":"0.34003","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-48377"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform","reference_id":"","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dnnsoftware/Dnn.Platform"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform/commit/351b166492ad4b6509c273dc83211d52238e31a7","reference_id":"","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-23T15:51:04Z/"}],"url":"https://github.com/dnnsoftware/Dnn.Platform/commit/351b166492ad4b6509c273dc83211d52238e31a7"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-48377","reference_id":"CVE-2025-48377","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-48377"},{"reference_url":"https://github.com/advisories/GHSA-79m3-rvx2-3qq9","reference_id":"GHSA-79m3-rvx2-3qq9","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-79m3-rvx2-3qq9"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-79m3-rvx2-3qq9","reference_id":"GHSA-79m3-rvx2-3qq9","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-23T15:51:04Z/"}],"url":"https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-79m3-rvx2-3qq9"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/73694?format=json","purl":"pkg:nuget/DotNetNuke.Core@9.13.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7u59-m3nn-q3gj"},{"vulnerability":"VCID-cs7y-gg46-r3ca"},{"vulnerability":"VCID-e5pw-7tpb-qyb8"},{"vulnerability":"VCID-erck-k36n-2yd2"},{"vulnerability":"VCID-k8b8-4muv-gye5"},{"vulnerability":"VCID-m9cg-wd76-zqcy"},{"vulnerability":"VCID-msru-ycnu-zuhe"},{"vulnerability":"VCID-q3bw-2pvk-17dg"},{"vulnerability":"VCID-q97q-u1zk-rqhd"},{"vulnerability":"VCID-r799-28wr-23bu"},{"vulnerability":"VCID-s3s5-gwjg-rqgv"},{"vulnerability":"VCID-y61z-d6sj-qucc"},{"vulnerability":"VCID-zfex-gefk-byfa"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.13.9"}],"aliases":["CVE-2025-48377","GHSA-79m3-rvx2-3qq9"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v7s2-8wh8-kydw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47841?format=json","vulnerability_id":"VCID-y61z-d6sj-qucc","summary":"DNN vulnerable to Reflected Cross-Site Scripting (XSS) using url to profile\nA reflected cross-site scripting (XSS) vulnerability exists under certain conditions, using a specially crafter url to view a user profile","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-59821","reference_id":"","reference_type":"","scores":[{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.09416","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.09399","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-59821"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dnnsoftware/Dnn.Platform"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-59821","reference_id":"CVE-2025-59821","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-59821"},{"reference_url":"https://github.com/advisories/GHSA-jc4g-c8ww-5738","reference_id":"GHSA-jc4g-c8ww-5738","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jc4g-c8ww-5738"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-jc4g-c8ww-5738","reference_id":"GHSA-jc4g-c8ww-5738","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-23T18:29:53Z/"}],"url":"https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-jc4g-c8ww-5738"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/70574?format=json","purl":"pkg:nuget/DotNetNuke.Core@10.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-77qd-hb2k-8uam"},{"vulnerability":"VCID-7u59-m3nn-q3gj"},{"vulnerability":"VCID-cs7y-gg46-r3ca"},{"vulnerability":"VCID-e5pw-7tpb-qyb8"},{"vulnerability":"VCID-k8b8-4muv-gye5"},{"vulnerability":"VCID-q3bw-2pvk-17dg"},{"vulnerability":"VCID-q97q-u1zk-rqhd"},{"vulnerability":"VCID-r799-28wr-23bu"},{"vulnerability":"VCID-s3s5-gwjg-rqgv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@10.1.0"}],"aliases":["CVE-2025-59821","GHSA-jc4g-c8ww-5738"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y61z-d6sj-qucc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/52289?format=json","vulnerability_id":"VCID-y9ym-w5m9-e3bs","summary":"Incorrect Resource Transfer Between Spheres\nDNN (formerly DotNetNuke) has Insecure Permissions.","references":[{"reference_url":"http://packetstormsecurity.com/files/156484/DotNetNuke-CMS-9.5.0-File-Extension-Check-Bypass.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://packetstormsecurity.com/files/156484/DotNetNuke-CMS-9.5.0-File-Extension-Check-Bypass.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-5188","reference_id":"","reference_type":"","scores":[{"value":"0.00254","scoring_system":"epss","scoring_elements":"0.48956","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00254","scoring_system":"epss","scoring_elements":"0.48947","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00254","scoring_system":"epss","scoring_elements":"0.48886","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-5188"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dnnsoftware/Dnn.Platform"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform/releases","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dnnsoftware/Dnn.Platform/releases"},{"reference_url":"https://medium.com/@SajjadPourali/dnn-dotnetnuke-cms-not-as-secure-as-you-think-e8516f789175","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://medium.com/@SajjadPourali/dnn-dotnetnuke-cms-not-as-secure-as-you-think-e8516f789175"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-5188","reference_id":"CVE-2020-5188","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-5188"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/76732?format=json","purl":"pkg:nuget/DotNetNuke.Core@9.5.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3b3m-76g5-5kfm"},{"vulnerability":"VCID-7u59-m3nn-q3gj"},{"vulnerability":"VCID-cs7y-gg46-r3ca"},{"vulnerability":"VCID-e5pw-7tpb-qyb8"},{"vulnerability":"VCID-erck-k36n-2yd2"},{"vulnerability":"VCID-hdn9-z9eh-abfx"},{"vulnerability":"VCID-k8b8-4muv-gye5"},{"vulnerability":"VCID-kcww-jwz6-97fa"},{"vulnerability":"VCID-ky3u-4syg-3yat"},{"vulnerability":"VCID-m9cg-wd76-zqcy"},{"vulnerability":"VCID-msru-ycnu-zuhe"},{"vulnerability":"VCID-nn2y-9sk9-kugc"},{"vulnerability":"VCID-pnw1-8knr-7qhc"},{"vulnerability":"VCID-q3bw-2pvk-17dg"},{"vulnerability":"VCID-q97q-u1zk-rqhd"},{"vulnerability":"VCID-r799-28wr-23bu"},{"vulnerability":"VCID-s3s5-gwjg-rqgv"},{"vulnerability":"VCID-uc59-7c8z-6kbd"},{"vulnerability":"VCID-v7s2-8wh8-kydw"},{"vulnerability":"VCID-y61z-d6sj-qucc"},{"vulnerability":"VCID-zfex-gefk-byfa"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.5.0"},{"url":"http://public2.vulnerablecode.io/api/packages/198370?format=json","purl":"pkg:nuget/DotNetNuke.Core@9.13.0-ci0000","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7u59-m3nn-q3gj"},{"vulnerability":"VCID-cs7y-gg46-r3ca"},{"vulnerability":"VCID-e5pw-7tpb-qyb8"},{"vulnerability":"VCID-erck-k36n-2yd2"},{"vulnerability":"VCID-hdn9-z9eh-abfx"},{"vulnerability":"VCID-k8b8-4muv-gye5"},{"vulnerability":"VCID-m9cg-wd76-zqcy"},{"vulnerability":"VCID-msru-ycnu-zuhe"},{"vulnerability":"VCID-nn2y-9sk9-kugc"},{"vulnerability":"VCID-q3bw-2pvk-17dg"},{"vulnerability":"VCID-q97q-u1zk-rqhd"},{"vulnerability":"VCID-r799-28wr-23bu"},{"vulnerability":"VCID-s3s5-gwjg-rqgv"},{"vulnerability":"VCID-v7s2-8wh8-kydw"},{"vulnerability":"VCID-y61z-d6sj-qucc"},{"vulnerability":"VCID-zfex-gefk-byfa"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.13.0-ci0000"}],"aliases":["CVE-2020-5188","GHSA-vjcm-j85r-7p68"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y9ym-w5m9-e3bs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47839?format=json","vulnerability_id":"VCID-zfex-gefk-byfa","summary":"DNN Vulnerable to Stored XSS Using Backend Admin Credentials\nUsers that can edit modules could set a title that includes scripts.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-59546","reference_id":"","reference_type":"","scores":[{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07574","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07566","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-59546"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform","reference_id":"","reference_type":"","scores":[{"value":"2.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dnnsoftware/Dnn.Platform"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-59546","reference_id":"CVE-2025-59546","reference_type":"","scores":[{"value":"2.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-59546"},{"reference_url":"https://github.com/advisories/GHSA-gj8m-5492-q98h","reference_id":"GHSA-gj8m-5492-q98h","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-gj8m-5492-q98h"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-gj8m-5492-q98h","reference_id":"GHSA-gj8m-5492-q98h","reference_type":"","scores":[{"value":"2.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-23T18:30:03Z/"}],"url":"https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-gj8m-5492-q98h"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/70574?format=json","purl":"pkg:nuget/DotNetNuke.Core@10.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-77qd-hb2k-8uam"},{"vulnerability":"VCID-7u59-m3nn-q3gj"},{"vulnerability":"VCID-cs7y-gg46-r3ca"},{"vulnerability":"VCID-e5pw-7tpb-qyb8"},{"vulnerability":"VCID-k8b8-4muv-gye5"},{"vulnerability":"VCID-q3bw-2pvk-17dg"},{"vulnerability":"VCID-q97q-u1zk-rqhd"},{"vulnerability":"VCID-r799-28wr-23bu"},{"vulnerability":"VCID-s3s5-gwjg-rqgv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@10.1.0"}],"aliases":["CVE-2025-59546","GHSA-gj8m-5492-q98h"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zfex-gefk-byfa"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40040?format=json","vulnerability_id":"VCID-xn9v-vadd-zyd1","summary":"DNN (aka DotNetNuke) suffers from a Server-Side Request Forgery (SSRF) vulnerability in the DnnImageHandler class. Attackers may be able to access information about internal network resources.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-0929","reference_id":"","reference_type":"","scores":[{"value":"0.92183","scoring_system":"epss","scoring_elements":"0.99727","published_at":"2026-06-06T12:55:00Z"},{"value":"0.92183","scoring_system":"epss","scoring_elements":"0.99728","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-0929"},{"reference_url":"https://github.com/advisories/GHSA-g8j6-m4p7-5rfq","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-g8j6-m4p7-5rfq"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dnnsoftware/Dnn.Platform"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform/commit/d3953db85fee77bb5e6383747692c507ef8b94c3","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dnnsoftware/Dnn.Platform/commit/d3953db85fee77bb5e6383747692c507ef8b94c3"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-0929","reference_id":"CVE-2017-0929","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-0929"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/57623?format=json","purl":"pkg:nuget/DotNetNuke.Core@9.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-dnf9-9hrt-1qfx"},{"vulnerability":"VCID-jw1r-pvtw-d3bz"},{"vulnerability":"VCID-uk5d-ubkt-6fhn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.2.0"},{"url":"http://public2.vulnerablecode.io/api/packages/56012?format=json","purl":"pkg:nuget/DotNetNuke.Core@9.2.0.366","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2dnh-g597-juce"},{"vulnerability":"VCID-3b3m-76g5-5kfm"},{"vulnerability":"VCID-3e7c-8uk1-ruch"},{"vulnerability":"VCID-7u59-m3nn-q3gj"},{"vulnerability":"VCID-cs7y-gg46-r3ca"},{"vulnerability":"VCID-dnf9-9hrt-1qfx"},{"vulnerability":"VCID-e5pw-7tpb-qyb8"},{"vulnerability":"VCID-erck-k36n-2yd2"},{"vulnerability":"VCID-hdn9-z9eh-abfx"},{"vulnerability":"VCID-jw1r-pvtw-d3bz"},{"vulnerability":"VCID-k8b8-4muv-gye5"},{"vulnerability":"VCID-ky3u-4syg-3yat"},{"vulnerability":"VCID-m5hg-ajyc-3qf1"},{"vulnerability":"VCID-m9cg-wd76-zqcy"},{"vulnerability":"VCID-msru-ycnu-zuhe"},{"vulnerability":"VCID-nn2y-9sk9-kugc"},{"vulnerability":"VCID-pnw1-8knr-7qhc"},{"vulnerability":"VCID-q3bw-2pvk-17dg"},{"vulnerability":"VCID-q97q-u1zk-rqhd"},{"vulnerability":"VCID-qscj-d21p-nfby"},{"vulnerability":"VCID-r799-28wr-23bu"},{"vulnerability":"VCID-s3s5-gwjg-rqgv"},{"vulnerability":"VCID-uc59-7c8z-6kbd"},{"vulnerability":"VCID-uk5d-ubkt-6fhn"},{"vulnerability":"VCID-v7s2-8wh8-kydw"},{"vulnerability":"VCID-y61z-d6sj-qucc"},{"vulnerability":"VCID-y9ym-w5m9-e3bs"},{"vulnerability":"VCID-zfex-gefk-byfa"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.2.0.366"}],"aliases":["CVE-2017-0929","GHSA-g8j6-m4p7-5rfq"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xn9v-vadd-zyd1"}],"risk_score":"10.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.2.0.366"}