{"url":"http://public2.vulnerablecode.io/api/packages/71228?format=json","purl":"pkg:nuget/DotNetNuke.Core@10.1.1","type":"nuget","namespace":"","name":"DotNetNuke.Core","version":"10.1.1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"10.2.2","latest_non_vulnerable_version":"10.2.2","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/89216?format=json","vulnerability_id":"VCID-77qd-hb2k-8uam","summary":"DNN: Same HostGUID for all new installs\nDNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. All new installations of DNN 10.x.x - 10.2.1 have the same Host GUID. This does not affect upgrades from 9.x.x. Version 10.2.2 patches the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-40306","reference_id":"","reference_type":"","scores":[{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.1296","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12999","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12996","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-40306"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dnnsoftware/Dnn.Platform"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform/releases/tag/v10.2.2","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-20T16:18:17Z/"}],"url":"https://github.com/dnnsoftware/Dnn.Platform/releases/tag/v10.2.2"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-2rhw-gw3f-477j","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-20T16:18:17Z/"}],"url":"https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-2rhw-gw3f-477j"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-40306","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-40306"},{"reference_url":"https://github.com/advisories/GHSA-2rhw-gw3f-477j","reference_id":"GHSA-2rhw-gw3f-477j","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2rhw-gw3f-477j"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/110262?format=json","purl":"pkg:nuget/DotNetNuke.Core@10.2.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@10.2.2"}],"aliases":["CVE-2026-40306","GHSA-2rhw-gw3f-477j"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-77qd-hb2k-8uam"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/89773?format=json","vulnerability_id":"VCID-7u59-m3nn-q3gj","summary":"DotNetNuke.Core has stored cross-site-scripting (XSS) via SVG upload\nDNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.2.2, a user could upload a specially crafted SVG file that could include scripts that can target both authenticated and unauthenticated DNN users. The impact is increased if the scripts are run by a power user. Version 10.2.2 patches the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-40321","reference_id":"","reference_type":"","scores":[{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.0611","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.06106","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.06122","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-40321"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dnnsoftware/Dnn.Platform"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform/releases/tag/v10.2.2","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-20T16:00:34Z/"}],"url":"https://github.com/dnnsoftware/Dnn.Platform/releases/tag/v10.2.2"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-ffq7-898w-9jc4","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-20T16:00:34Z/"}],"url":"https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-ffq7-898w-9jc4"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-40321","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-40321"},{"reference_url":"https://github.com/advisories/GHSA-ffq7-898w-9jc4","reference_id":"GHSA-ffq7-898w-9jc4","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-ffq7-898w-9jc4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/110262?format=json","purl":"pkg:nuget/DotNetNuke.Core@10.2.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@10.2.2"}],"aliases":["CVE-2026-40321","GHSA-ffq7-898w-9jc4"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7u59-m3nn-q3gj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/49885?format=json","vulnerability_id":"VCID-cs7y-gg46-r3ca","summary":"DotNetNuke.Core Vulnerable to Stored XSS in Scheduler LogNotes\nExtensions could write richtext in log notes which can include scripts that would run in the PersonaBar when displayed.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-24836","reference_id":"","reference_type":"","scores":[{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04147","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04161","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-24836"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dnnsoftware/Dnn.Platform"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24836","reference_id":"CVE-2026-24836","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24836"},{"reference_url":"https://github.com/advisories/GHSA-2g5g-hcgh-q3rp","reference_id":"GHSA-2g5g-hcgh-q3rp","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2g5g-hcgh-q3rp"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-2g5g-hcgh-q3rp","reference_id":"GHSA-2g5g-hcgh-q3rp","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H"},{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-28T21:04:00Z/"}],"url":"https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-2g5g-hcgh-q3rp"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/73660?format=json","purl":"pkg:nuget/DotNetNuke.Core@10.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-77qd-hb2k-8uam"},{"vulnerability":"VCID-7u59-m3nn-q3gj"},{"vulnerability":"VCID-k8b8-4muv-gye5"},{"vulnerability":"VCID-s3s5-gwjg-rqgv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@10.2.0"}],"aliases":["CVE-2026-24836","GHSA-2g5g-hcgh-q3rp"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cs7y-gg46-r3ca"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/90281?format=json","vulnerability_id":"VCID-k8b8-4muv-gye5","summary":"DNN: Force Friend Request Acceptance\nDNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Starting in version 6.0.0 and prior to version 10.2.2, in the friends feature, a user could craft a request that would force the acceptance of a friend request on another user. Version 10.2.2 patches the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-40305","reference_id":"","reference_type":"","scores":[{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10497","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10536","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10515","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-40305"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dnnsoftware/Dnn.Platform"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform/releases/tag/v10.2.2","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-20T13:22:45Z/"}],"url":"https://github.com/dnnsoftware/Dnn.Platform/releases/tag/v10.2.2"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-fpj4-9qhx-5m6m","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-20T13:22:45Z/"}],"url":"https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-fpj4-9qhx-5m6m"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-40305","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-40305"},{"reference_url":"https://github.com/advisories/GHSA-fpj4-9qhx-5m6m","reference_id":"GHSA-fpj4-9qhx-5m6m","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fpj4-9qhx-5m6m"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/110262?format=json","purl":"pkg:nuget/DotNetNuke.Core@10.2.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@10.2.2"}],"aliases":["CVE-2026-40305","GHSA-fpj4-9qhx-5m6m"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k8b8-4muv-gye5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/49880?format=json","vulnerability_id":"VCID-q3bw-2pvk-17dg","summary":"DotNetNuke.Core Vulnerable to Stored XSS in Module Deletion Confirmation Modal\nA module friendly name could include scripts that will run during some module operations in the Persona Bar.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-24837","reference_id":"","reference_type":"","scores":[{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04147","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04161","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-24837"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dnnsoftware/Dnn.Platform"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24837","reference_id":"CVE-2026-24837","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24837"},{"reference_url":"https://github.com/advisories/GHSA-vm5q-8qww-h238","reference_id":"GHSA-vm5q-8qww-h238","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vm5q-8qww-h238"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-vm5q-8qww-h238","reference_id":"GHSA-vm5q-8qww-h238","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H"},{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-28T21:02:52Z/"}],"url":"https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-vm5q-8qww-h238"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/73660?format=json","purl":"pkg:nuget/DotNetNuke.Core@10.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-77qd-hb2k-8uam"},{"vulnerability":"VCID-7u59-m3nn-q3gj"},{"vulnerability":"VCID-k8b8-4muv-gye5"},{"vulnerability":"VCID-s3s5-gwjg-rqgv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@10.2.0"}],"aliases":["CVE-2026-24837","GHSA-vm5q-8qww-h238"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q3bw-2pvk-17dg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/49878?format=json","vulnerability_id":"VCID-q97q-u1zk-rqhd","summary":"DotNetNuke.Core has a potential XSS vulnerability in modules' header and footer\nA content editor could inject scripts in module headers/footers that would run for other users.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-24784","reference_id":"","reference_type":"","scores":[{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.17157","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.17192","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.17196","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-24784"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dnnsoftware/Dnn.Platform"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24784","reference_id":"CVE-2026-24784","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24784"},{"reference_url":"https://github.com/advisories/GHSA-jjwg-4948-6wxp","reference_id":"GHSA-jjwg-4948-6wxp","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jjwg-4948-6wxp"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-jjwg-4948-6wxp","reference_id":"GHSA-jjwg-4948-6wxp","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-28T15:06:32Z/"}],"url":"https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-jjwg-4948-6wxp"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/73660?format=json","purl":"pkg:nuget/DotNetNuke.Core@10.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-77qd-hb2k-8uam"},{"vulnerability":"VCID-7u59-m3nn-q3gj"},{"vulnerability":"VCID-k8b8-4muv-gye5"},{"vulnerability":"VCID-s3s5-gwjg-rqgv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@10.2.0"}],"aliases":["CVE-2026-24784","GHSA-jjwg-4948-6wxp"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q97q-u1zk-rqhd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/49871?format=json","vulnerability_id":"VCID-r799-28wr-23bu","summary":"DotNetNuke.Core Vulnerable to Stored XSS via Module Title\nModule title supports richtext which could include scripts that would execute in certain scenarios.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-24838","reference_id":"","reference_type":"","scores":[{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17459","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17496","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.175","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-24838"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dnnsoftware/Dnn.Platform"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform/commit/4a4bcbcdf3cedbf702816f8168c4d51bf688f7f6","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dnnsoftware/Dnn.Platform/commit/4a4bcbcdf3cedbf702816f8168c4d51bf688f7f6"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform/releases/tag/v10.2.0","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dnnsoftware/Dnn.Platform/releases/tag/v10.2.0"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24838","reference_id":"CVE-2026-24838","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24838"},{"reference_url":"https://github.com/advisories/GHSA-w9pf-h6m6-v89h","reference_id":"GHSA-w9pf-h6m6-v89h","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-w9pf-h6m6-v89h"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-w9pf-h6m6-v89h","reference_id":"GHSA-w9pf-h6m6-v89h","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-28T15:03:11Z/"}],"url":"https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-w9pf-h6m6-v89h"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/73660?format=json","purl":"pkg:nuget/DotNetNuke.Core@10.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-77qd-hb2k-8uam"},{"vulnerability":"VCID-7u59-m3nn-q3gj"},{"vulnerability":"VCID-k8b8-4muv-gye5"},{"vulnerability":"VCID-s3s5-gwjg-rqgv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@10.2.0"}],"aliases":["CVE-2026-24838","GHSA-w9pf-h6m6-v89h"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-r799-28wr-23bu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/90191?format=json","vulnerability_id":"VCID-s3s5-gwjg-rqgv","summary":"DotNetNuke.Core security code analysis rules triggered\nThe codebase raises code analysis warnings related to security, including CA3075, CA5366, CA5371, CA5368, CA5369, CA5372, CA5379, CA5350, and CA5351.\n\nMost of these deal with disabling DTD processing in XML documents, but also includes cryptographic algorithm choices.","references":[{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dnnsoftware/Dnn.Platform"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-fcpv-w245-r2q7","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-fcpv-w245-r2q7"},{"reference_url":"https://github.com/advisories/GHSA-fcpv-w245-r2q7","reference_id":"GHSA-fcpv-w245-r2q7","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fcpv-w245-r2q7"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/110262?format=json","purl":"pkg:nuget/DotNetNuke.Core@10.2.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@10.2.2"}],"aliases":["GHSA-fcpv-w245-r2q7"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s3s5-gwjg-rqgv"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/48225?format=json","vulnerability_id":"VCID-e5pw-7tpb-qyb8","summary":"DNN vulnerable to stored cross-site-scripting (XSS) via SVG upload\nSanitization of the content of uploaded SVG files was not covering all possible XSS scenarios.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-64094","reference_id":"","reference_type":"","scores":[{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07527","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07548","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.0754","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-64094"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform","reference_id":"","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dnnsoftware/Dnn.Platform"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-64094","reference_id":"CVE-2025-64094","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-64094"},{"reference_url":"https://github.com/advisories/GHSA-hmvq-8p83-cq52","reference_id":"GHSA-hmvq-8p83-cq52","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hmvq-8p83-cq52"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-hmvq-8p83-cq52","reference_id":"GHSA-hmvq-8p83-cq52","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-29T14:51:54Z/"}],"url":"https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-hmvq-8p83-cq52"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71228?format=json","purl":"pkg:nuget/DotNetNuke.Core@10.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-77qd-hb2k-8uam"},{"vulnerability":"VCID-7u59-m3nn-q3gj"},{"vulnerability":"VCID-cs7y-gg46-r3ca"},{"vulnerability":"VCID-k8b8-4muv-gye5"},{"vulnerability":"VCID-q3bw-2pvk-17dg"},{"vulnerability":"VCID-q97q-u1zk-rqhd"},{"vulnerability":"VCID-r799-28wr-23bu"},{"vulnerability":"VCID-s3s5-gwjg-rqgv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@10.1.1"}],"aliases":["CVE-2025-64094","GHSA-hmvq-8p83-cq52"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e5pw-7tpb-qyb8"}],"risk_score":"4.5","resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@10.1.1"}