VulnerableCode Package Details - pkg:nuget/DotNetNuke.Core@1.0.6

Search for packages

Vulnerability	Summary	Fixed by
VCID-6p55-zzdb-qybq Aliases: CVE-2013-3943	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Cross-site scripting (XSS) vulnerability in DotNetNuke (DNN) allows remote authenticated users to inject arbitrary web script or HTML via vectors related to the Display Name field in the Manage Profile.	7.2.0 Affected by 0 other vulnerabilities. 9.13.0-ci0000 Affected by 16 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-83xb-rj89-dyeu Aliases: CVE-2013-7335 GHSA-mj48-f959-pqph	Improper Input Validation Open redirect vulnerability in DotNetNuke (DNN) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.	6.2.9 Affected by 0 other vulnerabilities. 7.1.1 Affected by 0 other vulnerabilities. 7.2.0 Affected by 0 other vulnerabilities. 9.13.0-ci0000 Affected by 16 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-p8d6-bm6x-pkge Aliases: CVE-2013-4649 GHSA-rvrj-j7cc-236p	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Cross-site scripting (XSS) vulnerability in DotNetNuke (DNN) allows remote attackers to inject arbitrary web script or HTML via the __dnnVariable parameter to the default URI.	6.2.9 Affected by 0 other vulnerabilities. 7.1.1 Affected by 0 other vulnerabilities. 7.2.0 Affected by 0 other vulnerabilities. 9.13.0-ci0000 Affected by 16 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-6p55-zzdb-qybq
Aliases:
CVE-2013-3943

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Cross-site scripting (XSS) vulnerability in DotNetNuke (DNN) allows remote authenticated users to inject arbitrary web script or HTML via vectors related to the Display Name field in the Manage Profile.

7.2.0
Affected by 0 other vulnerabilities.

9.13.0-ci0000
Affected by 16 other vulnerabilities.

VCID-83xb-rj89-dyeu
Aliases:
CVE-2013-7335
GHSA-mj48-f959-pqph

Improper Input Validation Open redirect vulnerability in DotNetNuke (DNN) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

6.2.9
Affected by 0 other vulnerabilities.

7.1.1
Affected by 0 other vulnerabilities.

7.2.0
Affected by 0 other vulnerabilities.

9.13.0-ci0000
Affected by 16 other vulnerabilities.

VCID-p8d6-bm6x-pkge
Aliases:
CVE-2013-4649
GHSA-rvrj-j7cc-236p

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Cross-site scripting (XSS) vulnerability in DotNetNuke (DNN) allows remote attackers to inject arbitrary web script or HTML via the __dnnVariable parameter to the default URI.

6.2.9
Affected by 0 other vulnerabilities.

7.1.1
Affected by 0 other vulnerabilities.

7.2.0
Affected by 0 other vulnerabilities.

9.13.0-ci0000
Affected by 16 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-02T04:36:14.245765+00:00	GitLab Importer	Affected by	VCID-83xb-rj89-dyeu	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/DotNetNuke.Core/CVE-2013-7335.yml	38.6.0
2026-06-02T04:36:14.213831+00:00	GitLab Importer	Affected by	VCID-6p55-zzdb-qybq	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/DotNetNuke.Core/CVE-2013-3943.yml	38.6.0
2026-06-02T04:36:14.180506+00:00	GitLab Importer	Affected by	VCID-p8d6-bm6x-pkge	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/DotNetNuke.Core/CVE-2013-4649.yml	38.6.0