VulnerableCode Package Details - pkg:nuget/DotNetNuke.Core@10.2.1

Search for packages

Vulnerability	Summary	Fixed by
VCID-77qd-hb2k-8uam Aliases: CVE-2026-40306 GHSA-2rhw-gw3f-477j	DNN: Same HostGUID for all new installs DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. All new installations of DNN 10.x.x - 10.2.1 have the same Host GUID. This does not affect upgrades from 9.x.x. Version 10.2.2 patches the issue.	10.2.2 Affected by 0 other vulnerabilities.
VCID-7u59-m3nn-q3gj Aliases: CVE-2026-40321 GHSA-ffq7-898w-9jc4	DotNetNuke.Core has stored cross-site-scripting (XSS) via SVG upload DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.2.2, a user could upload a specially crafted SVG file that could include scripts that can target both authenticated and unauthenticated DNN users. The impact is increased if the scripts are run by a power user. Version 10.2.2 patches the issue.	10.2.2 Affected by 0 other vulnerabilities.
VCID-k8b8-4muv-gye5 Aliases: CVE-2026-40305 GHSA-fpj4-9qhx-5m6m	DNN: Force Friend Request Acceptance DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Starting in version 6.0.0 and prior to version 10.2.2, in the friends feature, a user could craft a request that would force the acceptance of a friend request on another user. Version 10.2.2 patches the issue.	10.2.2 Affected by 0 other vulnerabilities.
VCID-s3s5-gwjg-rqgv Aliases: GHSA-fcpv-w245-r2q7	DotNetNuke.Core security code analysis rules triggered The codebase raises code analysis warnings related to security, including CA3075, CA5366, CA5371, CA5368, CA5369, CA5372, CA5379, CA5350, and CA5351. Most of these deal with disabling DTD processing in XML documents, but also includes cryptographic algorithm choices.	10.2.2 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-77qd-hb2k-8uam
Aliases:
CVE-2026-40306
GHSA-2rhw-gw3f-477j

DNN: Same HostGUID for all new installs DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. All new installations of DNN 10.x.x - 10.2.1 have the same Host GUID. This does not affect upgrades from 9.x.x. Version 10.2.2 patches the issue.

10.2.2
Affected by 0 other vulnerabilities.

VCID-7u59-m3nn-q3gj
Aliases:
CVE-2026-40321
GHSA-ffq7-898w-9jc4

DotNetNuke.Core has stored cross-site-scripting (XSS) via SVG upload DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.2.2, a user could upload a specially crafted SVG file that could include scripts that can target both authenticated and unauthenticated DNN users. The impact is increased if the scripts are run by a power user. Version 10.2.2 patches the issue.

10.2.2
Affected by 0 other vulnerabilities.

VCID-k8b8-4muv-gye5
Aliases:
CVE-2026-40305
GHSA-fpj4-9qhx-5m6m

DNN: Force Friend Request Acceptance DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Starting in version 6.0.0 and prior to version 10.2.2, in the friends feature, a user could craft a request that would force the acceptance of a friend request on another user. Version 10.2.2 patches the issue.

10.2.2
Affected by 0 other vulnerabilities.

VCID-s3s5-gwjg-rqgv
Aliases:
GHSA-fcpv-w245-r2q7

DotNetNuke.Core security code analysis rules triggered The codebase raises code analysis warnings related to security, including CA3075, CA5366, CA5371, CA5368, CA5369, CA5372, CA5379, CA5350, and CA5351. Most of these deal with disabling DTD processing in XML documents, but also includes cryptographic algorithm choices.

10.2.2
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-06T08:02:35.342439+00:00	GitLab Importer	Affected by	VCID-s3s5-gwjg-rqgv	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/DotNetNuke.Core/GHSA-fcpv-w245-r2q7.yml	38.6.0
2026-06-06T07:57:35.111987+00:00	GitLab Importer	Affected by	VCID-77qd-hb2k-8uam	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/DotNetNuke.Core/CVE-2026-40306.yml	38.6.0
2026-06-06T07:56:52.680963+00:00	GitLab Importer	Affected by	VCID-k8b8-4muv-gye5	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/DotNetNuke.Core/CVE-2026-40305.yml	38.6.0
2026-06-06T07:54:59.061472+00:00	GitLab Importer	Affected by	VCID-7u59-m3nn-q3gj	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/DotNetNuke.Core/CVE-2026-40321.yml	38.6.0