Package details: pkg:nuget/DotNetNuke.Core@10.2.0
purl pkg:nuget/DotNetNuke.Core@10.2.0
Next non-vulnerable version 10.2.2
Latest non-vulnerable version 10.2.2
Risk 4.0
Vulnerabilities affecting this package (4)
Vulnerability Summary Fixed by
VCID-77qd-hb2k-8uam
Aliases:
CVE-2026-40306
GHSA-2rhw-gw3f-477j
DNN: Same HostGUID for all new installs
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. All new installations of DNN 10.x.x - 10.2.1 have the same Host GUID. This does not affect upgrades from 9.x.x. Version 10.2.2 patches the issue.
10.2.2
Affected by 0 other vulnerabilities.
VCID-7u59-m3nn-q3gj
Aliases:
CVE-2026-40321
GHSA-ffq7-898w-9jc4
DotNetNuke.Core has stored cross-site-scripting (XSS) via SVG upload
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.2.2, a user could upload a specially crafted SVG file that could include scripts that can target both authenticated and unauthenticated DNN users. The impact is increased if the scripts are run by a power user. Version 10.2.2 patches the issue.
10.2.2
Affected by 0 other vulnerabilities.
VCID-k8b8-4muv-gye5
Aliases:
CVE-2026-40305
GHSA-fpj4-9qhx-5m6m
DNN: Force Friend Request Acceptance
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Starting in version 6.0.0 and prior to version 10.2.2, in the friends feature, a user could craft a request that would force the acceptance of a friend request on another user. Version 10.2.2 patches the issue.
10.2.2
Affected by 0 other vulnerabilities.
VCID-s3s5-gwjg-rqgv
Aliases:
GHSA-fcpv-w245-r2q7
DotNetNuke.Core security code analysis rules triggered
The codebase raises code analysis warnings related to security, including CA3075, CA5366, CA5371, CA5368, CA5369, CA5372, CA5379, CA5350, and CA5351. Most of these deal with disabling DTD processing in XML documents, but they also include cryptographic algorithm choices.
10.2.2
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (4)
Vulnerability Summary Aliases
VCID-cs7y-gg46-r3ca
DotNetNuke.Core Vulnerable to Stored XSS in Scheduler LogNotes
Extensions could write richtext in log notes which can include scripts that would run in the PersonaBar when displayed.
Aliases:
CVE-2026-24836
GHSA-2g5g-hcgh-q3rp
VCID-q3bw-2pvk-17dg
DotNetNuke.Core Vulnerable to Stored XSS in Module Deletion Confirmation Modal
A module friendly name could include scripts that will run during some module operations in the Persona Bar.
Aliases:
CVE-2026-24837
GHSA-vm5q-8qww-h238
VCID-q97q-u1zk-rqhd
DotNetNuke.Core has a potential XSS vulnerability in modules' header and footer
A content editor could inject scripts in module headers/footers that would run for other users.
Aliases:
CVE-2026-24784
GHSA-jjwg-4948-6wxp
VCID-r799-28wr-23bu
DotNetNuke.Core Vulnerable to Stored XSS via Module Title
Module title supports richtext which could include scripts that would execute in certain scenarios.
Aliases:
CVE-2026-24838
GHSA-w9pf-h6m6-v89h

Date Actor Action Vulnerability Source VulnerableCode Version
2026-06-06T08:02:35.337950+00:00 GitLab Importer Affected by VCID-s3s5-gwjg-rqgv https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/DotNetNuke.Core/GHSA-fcpv-w245-r2q7.yml 38.6.0
2026-06-06T07:57:35.107578+00:00 GitLab Importer Affected by VCID-77qd-hb2k-8uam https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/DotNetNuke.Core/CVE-2026-40306.yml 38.6.0
2026-06-06T07:56:52.673044+00:00 GitLab Importer Affected by VCID-k8b8-4muv-gye5 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/DotNetNuke.Core/CVE-2026-40305.yml 38.6.0
2026-06-06T07:54:59.055870+00:00 GitLab Importer Affected by VCID-7u59-m3nn-q3gj https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/DotNetNuke.Core/CVE-2026-40321.yml 38.6.0
2026-06-05T21:57:32.144975+00:00 GHSA Importer Fixing VCID-r799-28wr-23bu https://github.com/advisories/GHSA-w9pf-h6m6-v89h 38.6.0
2026-06-05T21:57:29.418007+00:00 GHSA Importer Fixing VCID-q3bw-2pvk-17dg https://github.com/advisories/GHSA-vm5q-8qww-h238 38.6.0
2026-06-05T21:57:29.105113+00:00 GHSA Importer Fixing VCID-cs7y-gg46-r3ca https://github.com/advisories/GHSA-2g5g-hcgh-q3rp 38.6.0
2026-06-05T21:57:28.806554+00:00 GHSA Importer Fixing VCID-q97q-u1zk-rqhd https://github.com/advisories/GHSA-jjwg-4948-6wxp 38.6.0
2026-06-04T16:54:44.247104+00:00 GithubOSV Importer Fixing VCID-cs7y-gg46-r3ca https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/01/GHSA-2g5g-hcgh-q3rp/GHSA-2g5g-hcgh-q3rp.json 38.6.0
2026-06-04T16:54:26.860975+00:00 GithubOSV Importer Fixing VCID-q97q-u1zk-rqhd https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/01/GHSA-jjwg-4948-6wxp/GHSA-jjwg-4948-6wxp.json 38.6.0
2026-06-04T16:54:11.687314+00:00 GithubOSV Importer Fixing VCID-q3bw-2pvk-17dg https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/01/GHSA-vm5q-8qww-h238/GHSA-vm5q-8qww-h238.json 38.6.0
2026-06-04T16:54:11.439719+00:00 GithubOSV Importer Fixing VCID-r799-28wr-23bu https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/01/GHSA-w9pf-h6m6-v89h/GHSA-w9pf-h6m6-v89h.json 38.6.0
2026-06-02T04:49:47.591417+00:00 GitLab Importer Fixing VCID-cs7y-gg46-r3ca https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/DotNetNuke.Core/CVE-2026-24836.yml 38.6.0
2026-06-02T04:49:47.100065+00:00 GitLab Importer Fixing VCID-q3bw-2pvk-17dg https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/DotNetNuke.Core/CVE-2026-24837.yml 38.6.0
2026-06-02T04:49:46.991029+00:00 GitLab Importer Fixing VCID-q97q-u1zk-rqhd https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/DotNetNuke.Core/CVE-2026-24784.yml 38.6.0
2026-06-02T04:49:46.069176+00:00 GitLab Importer Fixing VCID-r799-28wr-23bu https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/DotNetNuke.Core/CVE-2026-24838.yml 38.6.0