{"url":"http://public2.vulnerablecode.io/api/packages/589051?format=json","purl":"pkg:nuget/DotNetNuke.Core@9.6.2","type":"nuget","namespace":"","name":"DotNetNuke.Core","version":"9.6.2","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"10.2.2","latest_non_vulnerable_version":"10.2.2","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/108945?format=json","vulnerability_id":"VCID-3b3m-76g5-5kfm","summary":"DNN vulnerable to Relative Path Traversal\nDNN (GitHub repository dnnsoftware/dnn.platform) prior to 9.11.0 is vulnerable to Relative Path Traversal. Version 9.11.0 contains a patch for this issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2922","reference_id":"","reference_type":"","scores":[{"value":"0.00453","scoring_system":"epss","scoring_elements":"0.64124","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00453","scoring_system":"epss","scoring_elements":"0.64126","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00453","scoring_system":"epss","scoring_elements":"0.64083","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00453","scoring_system":"epss","scoring_elements":"0.64135","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2922"},{"reference_url":"https://github.com/dnnsoftware/dnn.platform","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dnnsoftware/dnn.platform"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform/commit/3697c5344cef8d49214230f0cc2efcd9e93a00a8","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dnnsoftware/Dnn.Platform/commit/3697c5344cef8d49214230f0cc2efcd9e93a00a8"},{"reference_url":"https://github.com/dnnsoftware/dnn.platform/commit/9b17351592fbde376506ba6705dbcc7a74a2a195","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-20T16:03:27Z/"}],"url":"https://github.com/dnnsoftware/dnn.platform/commit/9b17351592fbde376506ba6705dbcc7a74a2a195"},{"reference_url":"https://huntr.dev/bounties/74918f40-dc11-4218-abef-064eb71a0703","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-20T16:03:27Z/"}],"url":"https://huntr.dev/bounties/74918f40-dc11-4218-abef-064eb71a0703"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-2922","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-2922"},{"reference_url":"https://github.com/advisories/GHSA-9w72-2f23-57gm","reference_id":"GHSA-9w72-2f23-57gm","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9w72-2f23-57gm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/145123?format=json","purl":"pkg:nuget/DotNetNuke.Core@9.11.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7u59-m3nn-q3gj"},{"vulnerability":"VCID-cs7y-gg46-r3ca"},{"vulnerability":"VCID-e5pw-7tpb-qyb8"},{"vulnerability":"VCID-erck-k36n-2yd2"},{"vulnerability":"VCID-hdn9-z9eh-abfx"},{"vulnerability":"VCID-k8b8-4muv-gye5"},{"vulnerability":"VCID-m9cg-wd76-zqcy"},{"vulnerability":"VCID-msru-ycnu-zuhe"},{"vulnerability":"VCID-nn2y-9sk9-kugc"},{"vulnerability":"VCID-q3bw-2pvk-17dg"},{"vulnerability":"VCID-q97q-u1zk-rqhd"},{"vulnerability":"VCID-r799-28wr-23bu"},{"vulnerability":"VCID-s3s5-gwjg-rqgv"},{"vulnerability":"VCID-v7s2-8wh8-kydw"},{"vulnerability":"VCID-y61z-d6sj-qucc"},{"vulnerability":"VCID-zfex-gefk-byfa"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.11.0"}],"aliases":["CVE-2022-2922","GHSA-9w72-2f23-57gm"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3b3m-76g5-5kfm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/89773?format=json","vulnerability_id":"VCID-7u59-m3nn-q3gj","summary":"DotNetNuke.Core has stored cross-site-scripting (XSS) via SVG upload\nDNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.2.2, a user could upload a specially crafted SVG file that could include scripts that can target both authenticated and unauthenticated DNN users. The impact is increased if the scripts are run by a power user. Version 10.2.2 patches the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-40321","reference_id":"","reference_type":"","scores":[{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.0611","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.06122","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-40321"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dnnsoftware/Dnn.Platform"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform/releases/tag/v10.2.2","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-20T16:00:34Z/"}],"url":"https://github.com/dnnsoftware/Dnn.Platform/releases/tag/v10.2.2"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-ffq7-898w-9jc4","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-20T16:00:34Z/"}],"url":"https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-ffq7-898w-9jc4"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-40321","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-40321"},{"reference_url":"https://github.com/advisories/GHSA-ffq7-898w-9jc4","reference_id":"GHSA-ffq7-898w-9jc4","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-ffq7-898w-9jc4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/110262?format=json","purl":"pkg:nuget/DotNetNuke.Core@10.2.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@10.2.2"}],"aliases":["CVE-2026-40321","GHSA-ffq7-898w-9jc4"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7u59-m3nn-q3gj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/49885?format=json","vulnerability_id":"VCID-cs7y-gg46-r3ca","summary":"DotNetNuke.Core Vulnerable to Stored XSS in Scheduler LogNotes\nExtensions could write richtext in log notes which can include scripts that would run in the PersonaBar when displayed.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-24836","reference_id":"","reference_type":"","scores":[{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04147","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04161","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-24836"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dnnsoftware/Dnn.Platform"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24836","reference_id":"CVE-2026-24836","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24836"},{"reference_url":"https://github.com/advisories/GHSA-2g5g-hcgh-q3rp","reference_id":"GHSA-2g5g-hcgh-q3rp","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2g5g-hcgh-q3rp"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-2g5g-hcgh-q3rp","reference_id":"GHSA-2g5g-hcgh-q3rp","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H"},{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-28T21:04:00Z/"}],"url":"https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-2g5g-hcgh-q3rp"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/73660?format=json","purl":"pkg:nuget/DotNetNuke.Core@10.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-77qd-hb2k-8uam"},{"vulnerability":"VCID-7u59-m3nn-q3gj"},{"vulnerability":"VCID-k8b8-4muv-gye5"},{"vulnerability":"VCID-s3s5-gwjg-rqgv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@10.2.0"}],"aliases":["CVE-2026-24836","GHSA-2g5g-hcgh-q3rp"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cs7y-gg46-r3ca"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/48225?format=json","vulnerability_id":"VCID-e5pw-7tpb-qyb8","summary":"DNN vulnerable to stored cross-site-scripting (XSS) via SVG upload\nSanitization of the content of uploaded SVG files was not covering all possible XSS scenarios.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-64094","reference_id":"","reference_type":"","scores":[{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07527","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07548","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.0754","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-64094"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform","reference_id":"","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dnnsoftware/Dnn.Platform"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-64094","reference_id":"CVE-2025-64094","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-64094"},{"reference_url":"https://github.com/advisories/GHSA-hmvq-8p83-cq52","reference_id":"GHSA-hmvq-8p83-cq52","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hmvq-8p83-cq52"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-hmvq-8p83-cq52","reference_id":"GHSA-hmvq-8p83-cq52","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-29T14:51:54Z/"}],"url":"https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-hmvq-8p83-cq52"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71228?format=json","purl":"pkg:nuget/DotNetNuke.Core@10.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-77qd-hb2k-8uam"},{"vulnerability":"VCID-7u59-m3nn-q3gj"},{"vulnerability":"VCID-cs7y-gg46-r3ca"},{"vulnerability":"VCID-k8b8-4muv-gye5"},{"vulnerability":"VCID-q3bw-2pvk-17dg"},{"vulnerability":"VCID-q97q-u1zk-rqhd"},{"vulnerability":"VCID-r799-28wr-23bu"},{"vulnerability":"VCID-s3s5-gwjg-rqgv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@10.1.1"}],"aliases":["CVE-2025-64094","GHSA-hmvq-8p83-cq52"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e5pw-7tpb-qyb8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47830?format=json","vulnerability_id":"VCID-erck-k36n-2yd2","summary":"DNN allows loading unused themes on anonymous clients through query parameters\nArbitrary themes can be loaded through query parameters. If an installed theme had a vulnerability, even if it was not used on any page, this could be loaded on unsuspecting clients without knowledge of the site owner.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-59535","reference_id":"","reference_type":"","scores":[{"value":"0.00107","scoring_system":"epss","scoring_elements":"0.28453","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00107","scoring_system":"epss","scoring_elements":"0.28414","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00107","scoring_system":"epss","scoring_elements":"0.28494","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-59535"},{"reference_url":"https://dnncommunity.org/?SkinSrc=%5BG%5Dskins%2Fxcillion%2Fhome&ContainerSrc=%5BG%5DContainers%2FXcillion%2FNoTitle","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://dnncommunity.org/?SkinSrc=%5BG%5Dskins%2Fxcillion%2Fhome&ContainerSrc=%5BG%5DContainers%2FXcillion%2FNoTitle"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dnnsoftware/Dnn.Platform"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform/blob/develop/DNN%20Platform/Library/UI/Skins/Skin.cs#L305","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-23T20:08:12Z/"}],"url":"https://github.com/dnnsoftware/Dnn.Platform/blob/develop/DNN%20Platform/Library/UI/Skins/Skin.cs#L305"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform/commit/72f30f69fd2214d77f6c2577dfcca495a24caf5c","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-23T20:08:12Z/"}],"url":"https://github.com/dnnsoftware/Dnn.Platform/commit/72f30f69fd2214d77f6c2577dfcca495a24caf5c"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-59535","reference_id":"CVE-2025-59535","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-59535"},{"reference_url":"https://github.com/advisories/GHSA-wq2j-w9pm-7x2p","reference_id":"GHSA-wq2j-w9pm-7x2p","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wq2j-w9pm-7x2p"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-wq2j-w9pm-7x2p","reference_id":"GHSA-wq2j-w9pm-7x2p","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-23T20:08:12Z/"}],"url":"https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-wq2j-w9pm-7x2p"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/70574?format=json","purl":"pkg:nuget/DotNetNuke.Core@10.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-77qd-hb2k-8uam"},{"vulnerability":"VCID-7u59-m3nn-q3gj"},{"vulnerability":"VCID-cs7y-gg46-r3ca"},{"vulnerability":"VCID-e5pw-7tpb-qyb8"},{"vulnerability":"VCID-k8b8-4muv-gye5"},{"vulnerability":"VCID-q3bw-2pvk-17dg"},{"vulnerability":"VCID-q97q-u1zk-rqhd"},{"vulnerability":"VCID-r799-28wr-23bu"},{"vulnerability":"VCID-s3s5-gwjg-rqgv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@10.1.0"}],"aliases":["CVE-2025-59535","GHSA-wq2j-w9pm-7x2p"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-erck-k36n-2yd2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/57111?format=json","vulnerability_id":"VCID-hdn9-z9eh-abfx","summary":"DotNetNuke.Core Vulnerable to Server-Side Request Forgery (SSRF)\nA bypass has been identified for the previously known vulnerability CVE-2017-0929, allowing unauthenticated attackers to execute arbitrary GET requests against target systems, including internal or adjacent networks.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-32372","reference_id":"","reference_type":"","scores":[{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.27626","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.27663","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.27715","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-32372"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dnnsoftware/Dnn.Platform"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform/commit/4721dd9eef846936d3b1a3676499e46968d15feb","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-09T15:39:52Z/"}],"url":"https://github.com/dnnsoftware/Dnn.Platform/commit/4721dd9eef846936d3b1a3676499e46968d15feb"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-32372","reference_id":"CVE-2025-32372","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-32372"},{"reference_url":"https://github.com/advisories/GHSA-3f7v-qx94-666m","reference_id":"GHSA-3f7v-qx94-666m","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-3f7v-qx94-666m"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-3f7v-qx94-666m","reference_id":"GHSA-3f7v-qx94-666m","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-09T15:39:52Z/"}],"url":"https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-3f7v-qx94-666m"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/84801?format=json","purl":"pkg:nuget/DotNetNuke.Core@9.13.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7u59-m3nn-q3gj"},{"vulnerability":"VCID-cs7y-gg46-r3ca"},{"vulnerability":"VCID-e5pw-7tpb-qyb8"},{"vulnerability":"VCID-erck-k36n-2yd2"},{"vulnerability":"VCID-k8b8-4muv-gye5"},{"vulnerability":"VCID-m9cg-wd76-zqcy"},{"vulnerability":"VCID-msru-ycnu-zuhe"},{"vulnerability":"VCID-nn2y-9sk9-kugc"},{"vulnerability":"VCID-q3bw-2pvk-17dg"},{"vulnerability":"VCID-q97q-u1zk-rqhd"},{"vulnerability":"VCID-r799-28wr-23bu"},{"vulnerability":"VCID-s3s5-gwjg-rqgv"},{"vulnerability":"VCID-v7s2-8wh8-kydw"},{"vulnerability":"VCID-y61z-d6sj-qucc"},{"vulnerability":"VCID-zfex-gefk-byfa"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.13.8"}],"aliases":["CVE-2025-32372","GHSA-3f7v-qx94-666m"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hdn9-z9eh-abfx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/90281?format=json","vulnerability_id":"VCID-k8b8-4muv-gye5","summary":"DNN: Force Friend Request Acceptance\nDNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Starting in version 6.0.0 and prior to version 10.2.2, in the friends feature, a user could craft a request that would force the acceptance of a friend request on another user. Version 10.2.2 patches the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-40305","reference_id":"","reference_type":"","scores":[{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10536","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10515","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-40305"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dnnsoftware/Dnn.Platform"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform/releases/tag/v10.2.2","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-20T13:22:45Z/"}],"url":"https://github.com/dnnsoftware/Dnn.Platform/releases/tag/v10.2.2"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-fpj4-9qhx-5m6m","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-20T13:22:45Z/"}],"url":"https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-fpj4-9qhx-5m6m"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-40305","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-40305"},{"reference_url":"https://github.com/advisories/GHSA-fpj4-9qhx-5m6m","reference_id":"GHSA-fpj4-9qhx-5m6m","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fpj4-9qhx-5m6m"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/110262?format=json","purl":"pkg:nuget/DotNetNuke.Core@10.2.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@10.2.2"}],"aliases":["CVE-2026-40305","GHSA-fpj4-9qhx-5m6m"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k8b8-4muv-gye5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44931?format=json","vulnerability_id":"VCID-ky3u-4syg-3yat","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nAn arbitrary file upload vulnerability in the Digital Assets Manager module of DNN Corp DotNetNuke v7.0.0 to v9.10.2 allows attackers to execute arbitrary code via a crafted SVG file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-47053","reference_id":"","reference_type":"","scores":[{"value":"0.00738","scoring_system":"epss","scoring_elements":"0.73224","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00738","scoring_system":"epss","scoring_elements":"0.73261","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00738","scoring_system":"epss","scoring_elements":"0.73267","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00738","scoring_system":"epss","scoring_elements":"0.73249","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-47053"},{"reference_url":"https://www.dnnsoftware.com/community/security/security-center","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T16:43:29Z/"}],"url":"https://www.dnnsoftware.com/community/security/security-center"},{"reference_url":"https://www.dnnsoftware.com/community/security/security-center#:~:text=XSS%20in%20Digital%20Asset%20Manager","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T16:43:29Z/"}],"url":"https://www.dnnsoftware.com/community/security/security-center#:~:text=XSS%20in%20Digital%20Asset%20Manager"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-47053","reference_id":"CVE-2022-47053","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-47053"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/145123?format=json","purl":"pkg:nuget/DotNetNuke.Core@9.11.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7u59-m3nn-q3gj"},{"vulnerability":"VCID-cs7y-gg46-r3ca"},{"vulnerability":"VCID-e5pw-7tpb-qyb8"},{"vulnerability":"VCID-erck-k36n-2yd2"},{"vulnerability":"VCID-hdn9-z9eh-abfx"},{"vulnerability":"VCID-k8b8-4muv-gye5"},{"vulnerability":"VCID-m9cg-wd76-zqcy"},{"vulnerability":"VCID-msru-ycnu-zuhe"},{"vulnerability":"VCID-nn2y-9sk9-kugc"},{"vulnerability":"VCID-q3bw-2pvk-17dg"},{"vulnerability":"VCID-q97q-u1zk-rqhd"},{"vulnerability":"VCID-r799-28wr-23bu"},{"vulnerability":"VCID-s3s5-gwjg-rqgv"},{"vulnerability":"VCID-v7s2-8wh8-kydw"},{"vulnerability":"VCID-y61z-d6sj-qucc"},{"vulnerability":"VCID-zfex-gefk-byfa"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.11.0"}],"aliases":["CVE-2022-47053"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ky3u-4syg-3yat"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47823?format=json","vulnerability_id":"VCID-m9cg-wd76-zqcy","summary":"Duplicate\nThis advisory duplicates another.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-59539","reference_id":"","reference_type":"","scores":[{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.08238","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.08259","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.08247","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-59539"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dnnsoftware/Dnn.Platform"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-59539","reference_id":"CVE-2025-59539","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-59539"},{"reference_url":"https://github.com/advisories/GHSA-7rcc-q6rq-jpcm","reference_id":"GHSA-7rcc-q6rq-jpcm","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7rcc-q6rq-jpcm"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-7rcc-q6rq-jpcm","reference_id":"GHSA-7rcc-q6rq-jpcm","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-23T18:30:23Z/"}],"url":"https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-7rcc-q6rq-jpcm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/70574?format=json","purl":"pkg:nuget/DotNetNuke.Core@10.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-77qd-hb2k-8uam"},{"vulnerability":"VCID-7u59-m3nn-q3gj"},{"vulnerability":"VCID-cs7y-gg46-r3ca"},{"vulnerability":"VCID-e5pw-7tpb-qyb8"},{"vulnerability":"VCID-k8b8-4muv-gye5"},{"vulnerability":"VCID-q3bw-2pvk-17dg"},{"vulnerability":"VCID-q97q-u1zk-rqhd"},{"vulnerability":"VCID-r799-28wr-23bu"},{"vulnerability":"VCID-s3s5-gwjg-rqgv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@10.1.0"}],"aliases":["CVE-2025-59539","GHSA-7rcc-q6rq-jpcm"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m9cg-wd76-zqcy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47837?format=json","vulnerability_id":"VCID-msru-ycnu-zuhe","summary":"DNN Vulnerable to Stored Cross-Site Scripting (XSS) in the Prompt module\nThe Prompt module allows execution of commands that can return raw HTML. Malicious input, even if sanitized for display elsewhere, can be executed when processed through certain commands, leading to potential script execution (XSS).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-59545","reference_id":"","reference_type":"","scores":[{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21814","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.2186","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21872","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-59545"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform","reference_id":"","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dnnsoftware/Dnn.Platform"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-59545","reference_id":"CVE-2025-59545","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-59545"},{"reference_url":"https://github.com/advisories/GHSA-2qxc-mf4x-wr29","reference_id":"GHSA-2qxc-mf4x-wr29","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2qxc-mf4x-wr29"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-2qxc-mf4x-wr29","reference_id":"GHSA-2qxc-mf4x-wr29","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-23T18:30:12Z/"}],"url":"https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-2qxc-mf4x-wr29"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/70574?format=json","purl":"pkg:nuget/DotNetNuke.Core@10.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-77qd-hb2k-8uam"},{"vulnerability":"VCID-7u59-m3nn-q3gj"},{"vulnerability":"VCID-cs7y-gg46-r3ca"},{"vulnerability":"VCID-e5pw-7tpb-qyb8"},{"vulnerability":"VCID-k8b8-4muv-gye5"},{"vulnerability":"VCID-q3bw-2pvk-17dg"},{"vulnerability":"VCID-q97q-u1zk-rqhd"},{"vulnerability":"VCID-r799-28wr-23bu"},{"vulnerability":"VCID-s3s5-gwjg-rqgv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@10.1.0"}],"aliases":["CVE-2025-59545","GHSA-2qxc-mf4x-wr29"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-msru-ycnu-zuhe"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/57341?format=json","vulnerability_id":"VCID-nn2y-9sk9-kugc","summary":"DNN allows Stored Cross-Site Scripting (XSS) with svg files rendered inline\nUploaded SVG files could contain scripts and if rendered inline those scripts could run allowing XSS attacks.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-48378","reference_id":"","reference_type":"","scores":[{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17634","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17667","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17673","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-48378"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dnnsoftware/Dnn.Platform"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform/commit/cfed83c291d5e5072b2fa70924a8b7c35b1cdf9e","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-23T16:00:53Z/"}],"url":"https://github.com/dnnsoftware/Dnn.Platform/commit/cfed83c291d5e5072b2fa70924a8b7c35b1cdf9e"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-48378","reference_id":"CVE-2025-48378","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-48378"},{"reference_url":"https://github.com/advisories/GHSA-m4hf-fxcg-cp34","reference_id":"GHSA-m4hf-fxcg-cp34","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-m4hf-fxcg-cp34"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-m4hf-fxcg-cp34","reference_id":"GHSA-m4hf-fxcg-cp34","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-23T16:00:53Z/"}],"url":"https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-m4hf-fxcg-cp34"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/73694?format=json","purl":"pkg:nuget/DotNetNuke.Core@9.13.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7u59-m3nn-q3gj"},{"vulnerability":"VCID-cs7y-gg46-r3ca"},{"vulnerability":"VCID-e5pw-7tpb-qyb8"},{"vulnerability":"VCID-erck-k36n-2yd2"},{"vulnerability":"VCID-k8b8-4muv-gye5"},{"vulnerability":"VCID-m9cg-wd76-zqcy"},{"vulnerability":"VCID-msru-ycnu-zuhe"},{"vulnerability":"VCID-q3bw-2pvk-17dg"},{"vulnerability":"VCID-q97q-u1zk-rqhd"},{"vulnerability":"VCID-r799-28wr-23bu"},{"vulnerability":"VCID-s3s5-gwjg-rqgv"},{"vulnerability":"VCID-y61z-d6sj-qucc"},{"vulnerability":"VCID-zfex-gefk-byfa"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.13.9"}],"aliases":["CVE-2025-48378","GHSA-m4hf-fxcg-cp34"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nn2y-9sk9-kugc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/247801?format=json","vulnerability_id":"VCID-pnw1-8knr-7qhc","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-40186","reference_id":"","reference_type":"","scores":[{"value":"0.00311","scoring_system":"epss","scoring_elements":"0.54618","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00311","scoring_system":"epss","scoring_elements":"0.54676","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00311","scoring_system":"epss","scoring_elements":"0.54687","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00311","scoring_system":"epss","scoring_elements":"0.54679","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-40186"},{"reference_url":"https://appcheck-ng.com/dnn-cms-server-side-request-forgery-cve-2021-40186","reference_id":"","reference_type":"","scores":[],"url":"https://appcheck-ng.com/dnn-cms-server-side-request-forgery-cve-2021-40186"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-40186","reference_id":"CVE-2021-40186","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-40186"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/198370?format=json","purl":"pkg:nuget/DotNetNuke.Core@9.13.0-ci0000","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7u59-m3nn-q3gj"},{"vulnerability":"VCID-cs7y-gg46-r3ca"},{"vulnerability":"VCID-e5pw-7tpb-qyb8"},{"vulnerability":"VCID-erck-k36n-2yd2"},{"vulnerability":"VCID-hdn9-z9eh-abfx"},{"vulnerability":"VCID-k8b8-4muv-gye5"},{"vulnerability":"VCID-m9cg-wd76-zqcy"},{"vulnerability":"VCID-msru-ycnu-zuhe"},{"vulnerability":"VCID-nn2y-9sk9-kugc"},{"vulnerability":"VCID-q3bw-2pvk-17dg"},{"vulnerability":"VCID-q97q-u1zk-rqhd"},{"vulnerability":"VCID-r799-28wr-23bu"},{"vulnerability":"VCID-s3s5-gwjg-rqgv"},{"vulnerability":"VCID-v7s2-8wh8-kydw"},{"vulnerability":"VCID-y61z-d6sj-qucc"},{"vulnerability":"VCID-zfex-gefk-byfa"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.13.0-ci0000"}],"aliases":["CVE-2021-40186"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pnw1-8knr-7qhc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/49880?format=json","vulnerability_id":"VCID-q3bw-2pvk-17dg","summary":"DotNetNuke.Core Vulnerable to Stored XSS in Module Deletion Confirmation Modal\nA module friendly name could include scripts that will run during some module operations in the Persona Bar.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-24837","reference_id":"","reference_type":"","scores":[{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04147","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04161","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-24837"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dnnsoftware/Dnn.Platform"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24837","reference_id":"CVE-2026-24837","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24837"},{"reference_url":"https://github.com/advisories/GHSA-vm5q-8qww-h238","reference_id":"GHSA-vm5q-8qww-h238","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vm5q-8qww-h238"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-vm5q-8qww-h238","reference_id":"GHSA-vm5q-8qww-h238","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H"},{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-28T21:02:52Z/"}],"url":"https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-vm5q-8qww-h238"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/73660?format=json","purl":"pkg:nuget/DotNetNuke.Core@10.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-77qd-hb2k-8uam"},{"vulnerability":"VCID-7u59-m3nn-q3gj"},{"vulnerability":"VCID-k8b8-4muv-gye5"},{"vulnerability":"VCID-s3s5-gwjg-rqgv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@10.2.0"}],"aliases":["CVE-2026-24837","GHSA-vm5q-8qww-h238"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q3bw-2pvk-17dg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/49878?format=json","vulnerability_id":"VCID-q97q-u1zk-rqhd","summary":"DotNetNuke.Core has a potential XSS vulnerability in modules' header and footer\nA content editor could inject scripts in module headers/footers that would run for other users.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-24784","reference_id":"","reference_type":"","scores":[{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.17157","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.17192","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.17196","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-24784"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dnnsoftware/Dnn.Platform"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24784","reference_id":"CVE-2026-24784","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24784"},{"reference_url":"https://github.com/advisories/GHSA-jjwg-4948-6wxp","reference_id":"GHSA-jjwg-4948-6wxp","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jjwg-4948-6wxp"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-jjwg-4948-6wxp","reference_id":"GHSA-jjwg-4948-6wxp","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-28T15:06:32Z/"}],"url":"https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-jjwg-4948-6wxp"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/73659?format=json","purl":"pkg:nuget/DotNetNuke.Core@9.13.10","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.13.10"},{"url":"http://public2.vulnerablecode.io/api/packages/73660?format=json","purl":"pkg:nuget/DotNetNuke.Core@10.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-77qd-hb2k-8uam"},{"vulnerability":"VCID-7u59-m3nn-q3gj"},{"vulnerability":"VCID-k8b8-4muv-gye5"},{"vulnerability":"VCID-s3s5-gwjg-rqgv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@10.2.0"}],"aliases":["CVE-2026-24784","GHSA-jjwg-4948-6wxp"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q97q-u1zk-rqhd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/49871?format=json","vulnerability_id":"VCID-r799-28wr-23bu","summary":"DotNetNuke.Core Vulnerable to Stored XSS via Module Title\nModule title supports richtext which could include scripts that would execute in certain scenarios.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-24838","reference_id":"","reference_type":"","scores":[{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17459","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17496","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.175","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-24838"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dnnsoftware/Dnn.Platform"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform/commit/4a4bcbcdf3cedbf702816f8168c4d51bf688f7f6","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dnnsoftware/Dnn.Platform/commit/4a4bcbcdf3cedbf702816f8168c4d51bf688f7f6"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform/releases/tag/v10.2.0","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dnnsoftware/Dnn.Platform/releases/tag/v10.2.0"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24838","reference_id":"CVE-2026-24838","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24838"},{"reference_url":"https://github.com/advisories/GHSA-w9pf-h6m6-v89h","reference_id":"GHSA-w9pf-h6m6-v89h","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-w9pf-h6m6-v89h"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-w9pf-h6m6-v89h","reference_id":"GHSA-w9pf-h6m6-v89h","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-28T15:03:11Z/"}],"url":"https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-w9pf-h6m6-v89h"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/73659?format=json","purl":"pkg:nuget/DotNetNuke.Core@9.13.10","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.13.10"},{"url":"http://public2.vulnerablecode.io/api/packages/73660?format=json","purl":"pkg:nuget/DotNetNuke.Core@10.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-77qd-hb2k-8uam"},{"vulnerability":"VCID-7u59-m3nn-q3gj"},{"vulnerability":"VCID-k8b8-4muv-gye5"},{"vulnerability":"VCID-s3s5-gwjg-rqgv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@10.2.0"}],"aliases":["CVE-2026-24838","GHSA-w9pf-h6m6-v89h"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-r799-28wr-23bu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/90191?format=json","vulnerability_id":"VCID-s3s5-gwjg-rqgv","summary":"DotNetNuke.Core security code analysis rules triggered\nThe codebase raises code analysis warnings related to security, including CA3075, CA5366, CA5371, CA5368, CA5369, CA5372, CA5379, CA5350, and CA5351.\n\nMost of these deal with disabling DTD processing in XML documents, but also includes cryptographic algorithm choices.","references":[{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dnnsoftware/Dnn.Platform"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-fcpv-w245-r2q7","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-fcpv-w245-r2q7"},{"reference_url":"https://github.com/advisories/GHSA-fcpv-w245-r2q7","reference_id":"GHSA-fcpv-w245-r2q7","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fcpv-w245-r2q7"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/110262?format=json","purl":"pkg:nuget/DotNetNuke.Core@10.2.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@10.2.2"}],"aliases":["GHSA-fcpv-w245-r2q7"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s3s5-gwjg-rqgv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/243329?format=json","vulnerability_id":"VCID-uc59-7c8z-6kbd","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-31858","reference_id":"","reference_type":"","scores":[{"value":"0.00234","scoring_system":"epss","scoring_elements":"0.46422","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00234","scoring_system":"epss","scoring_elements":"0.46488","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00234","scoring_system":"epss","scoring_elements":"0.4649","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00234","scoring_system":"epss","scoring_elements":"0.4647","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-31858"},{"reference_url":"https://www.dnnsoftware.com/community/security/security-center","reference_id":"","reference_type":"","scores":[],"url":"https://www.dnnsoftware.com/community/security/security-center"},{"reference_url":"https://labs.integrity.pt/advisories/cve-2021-31858/","reference_id":"CVE-2021-31858","reference_type":"","scores":[],"url":"https://labs.integrity.pt/advisories/cve-2021-31858/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-31858","reference_id":"CVE-2021-31858","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-31858"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/198370?format=json","purl":"pkg:nuget/DotNetNuke.Core@9.13.0-ci0000","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7u59-m3nn-q3gj"},{"vulnerability":"VCID-cs7y-gg46-r3ca"},{"vulnerability":"VCID-e5pw-7tpb-qyb8"},{"vulnerability":"VCID-erck-k36n-2yd2"},{"vulnerability":"VCID-hdn9-z9eh-abfx"},{"vulnerability":"VCID-k8b8-4muv-gye5"},{"vulnerability":"VCID-m9cg-wd76-zqcy"},{"vulnerability":"VCID-msru-ycnu-zuhe"},{"vulnerability":"VCID-nn2y-9sk9-kugc"},{"vulnerability":"VCID-q3bw-2pvk-17dg"},{"vulnerability":"VCID-q97q-u1zk-rqhd"},{"vulnerability":"VCID-r799-28wr-23bu"},{"vulnerability":"VCID-s3s5-gwjg-rqgv"},{"vulnerability":"VCID-v7s2-8wh8-kydw"},{"vulnerability":"VCID-y61z-d6sj-qucc"},{"vulnerability":"VCID-zfex-gefk-byfa"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.13.0-ci0000"}],"aliases":["CVE-2021-31858"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uc59-7c8z-6kbd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/57339?format=json","vulnerability_id":"VCID-v7s2-8wh8-kydw","summary":"Reflected Cross-Site Scripting (XSS) in module actions in edit mode\nA specially crafted URL may be constructed which can inject an XSS payload that is triggered by using some module actions.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-48377","reference_id":"","reference_type":"","scores":[{"value":"0.00141","scoring_system":"epss","scoring_elements":"0.33988","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00141","scoring_system":"epss","scoring_elements":"0.3397","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00141","scoring_system":"epss","scoring_elements":"0.34003","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-48377"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform","reference_id":"","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dnnsoftware/Dnn.Platform"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform/commit/351b166492ad4b6509c273dc83211d52238e31a7","reference_id":"","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-23T15:51:04Z/"}],"url":"https://github.com/dnnsoftware/Dnn.Platform/commit/351b166492ad4b6509c273dc83211d52238e31a7"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-48377","reference_id":"CVE-2025-48377","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-48377"},{"reference_url":"https://github.com/advisories/GHSA-79m3-rvx2-3qq9","reference_id":"GHSA-79m3-rvx2-3qq9","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-79m3-rvx2-3qq9"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-79m3-rvx2-3qq9","reference_id":"GHSA-79m3-rvx2-3qq9","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-23T15:51:04Z/"}],"url":"https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-79m3-rvx2-3qq9"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/73694?format=json","purl":"pkg:nuget/DotNetNuke.Core@9.13.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7u59-m3nn-q3gj"},{"vulnerability":"VCID-cs7y-gg46-r3ca"},{"vulnerability":"VCID-e5pw-7tpb-qyb8"},{"vulnerability":"VCID-erck-k36n-2yd2"},{"vulnerability":"VCID-k8b8-4muv-gye5"},{"vulnerability":"VCID-m9cg-wd76-zqcy"},{"vulnerability":"VCID-msru-ycnu-zuhe"},{"vulnerability":"VCID-q3bw-2pvk-17dg"},{"vulnerability":"VCID-q97q-u1zk-rqhd"},{"vulnerability":"VCID-r799-28wr-23bu"},{"vulnerability":"VCID-s3s5-gwjg-rqgv"},{"vulnerability":"VCID-y61z-d6sj-qucc"},{"vulnerability":"VCID-zfex-gefk-byfa"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.13.9"}],"aliases":["CVE-2025-48377","GHSA-79m3-rvx2-3qq9"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v7s2-8wh8-kydw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47841?format=json","vulnerability_id":"VCID-y61z-d6sj-qucc","summary":"DNN vulnerable to Reflected Cross-Site Scripting (XSS) using url to profile\nA reflected cross-site scripting (XSS) vulnerability exists under certain conditions, using a specially crafter url to view a user profile","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-59821","reference_id":"","reference_type":"","scores":[{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.09401","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.09416","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.09399","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-59821"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dnnsoftware/Dnn.Platform"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-59821","reference_id":"CVE-2025-59821","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-59821"},{"reference_url":"https://github.com/advisories/GHSA-jc4g-c8ww-5738","reference_id":"GHSA-jc4g-c8ww-5738","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jc4g-c8ww-5738"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-jc4g-c8ww-5738","reference_id":"GHSA-jc4g-c8ww-5738","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-23T18:29:53Z/"}],"url":"https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-jc4g-c8ww-5738"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/70574?format=json","purl":"pkg:nuget/DotNetNuke.Core@10.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-77qd-hb2k-8uam"},{"vulnerability":"VCID-7u59-m3nn-q3gj"},{"vulnerability":"VCID-cs7y-gg46-r3ca"},{"vulnerability":"VCID-e5pw-7tpb-qyb8"},{"vulnerability":"VCID-k8b8-4muv-gye5"},{"vulnerability":"VCID-q3bw-2pvk-17dg"},{"vulnerability":"VCID-q97q-u1zk-rqhd"},{"vulnerability":"VCID-r799-28wr-23bu"},{"vulnerability":"VCID-s3s5-gwjg-rqgv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@10.1.0"}],"aliases":["CVE-2025-59821","GHSA-jc4g-c8ww-5738"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y61z-d6sj-qucc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47839?format=json","vulnerability_id":"VCID-zfex-gefk-byfa","summary":"DNN Vulnerable to Stored XSS Using Backend Admin Credentials\nUsers that can edit modules could set a title that includes scripts.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-59546","reference_id":"","reference_type":"","scores":[{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07554","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07574","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07566","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-59546"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform","reference_id":"","reference_type":"","scores":[{"value":"2.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dnnsoftware/Dnn.Platform"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-59546","reference_id":"CVE-2025-59546","reference_type":"","scores":[{"value":"2.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-59546"},{"reference_url":"https://github.com/advisories/GHSA-gj8m-5492-q98h","reference_id":"GHSA-gj8m-5492-q98h","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-gj8m-5492-q98h"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-gj8m-5492-q98h","reference_id":"GHSA-gj8m-5492-q98h","reference_type":"","scores":[{"value":"2.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-23T18:30:03Z/"}],"url":"https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-gj8m-5492-q98h"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/70574?format=json","purl":"pkg:nuget/DotNetNuke.Core@10.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-77qd-hb2k-8uam"},{"vulnerability":"VCID-7u59-m3nn-q3gj"},{"vulnerability":"VCID-cs7y-gg46-r3ca"},{"vulnerability":"VCID-e5pw-7tpb-qyb8"},{"vulnerability":"VCID-k8b8-4muv-gye5"},{"vulnerability":"VCID-q3bw-2pvk-17dg"},{"vulnerability":"VCID-q97q-u1zk-rqhd"},{"vulnerability":"VCID-r799-28wr-23bu"},{"vulnerability":"VCID-s3s5-gwjg-rqgv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@10.1.0"}],"aliases":["CVE-2025-59546","GHSA-gj8m-5492-q98h"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zfex-gefk-byfa"}],"fixing_vulnerabilities":[],"risk_score":"4.5","resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.6.2"}