Search for packages
| purl | pkg:nuget/DotNetNuke.Core@7.1.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-17y1-2fdf-57b1
Aliases: CVE-2015-2794 GHSA-x8f7-h444-97w4 |
Insecure Default Initialization of Resource The installation wizard in DotNetNuke (DNN) allows remote attackers to reinstall the application and gain SuperUser access via a direct request to Install/InstallWizard.aspx. |
Affected by 9 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 8 other vulnerabilities. |
|
VCID-2dnh-g597-juce
Aliases: CVE-2018-18325 GHSA-j3g9-6fx5-gjv7 |
Inadequate Encryption Strength in DotNetNuke DNN (aka DotNetNuke) 9.2 through 9.2.2 uses a weak encryption algorithm to protect input parameters. NOTE: this issue exists because of an incomplete fix for CVE-2018-15811. |
Affected by 4 other vulnerabilities. |
|
VCID-38yt-swkk-nfbm
Aliases: CVE-2015-1566 GHSA-v76m-f5cx-8rg4 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Cross-site scripting (XSS) vulnerability in DotNetNuke (DNN) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
Affected by 1 other vulnerability. Affected by 9 other vulnerabilities. |
|
VCID-3e7c-8uk1-ruch
Aliases: CVE-2019-12562 GHSA-5whq-j5qg-wjvp |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Stored Cross-Site Scripting in DotNetNuke (DNN) allows remote attackers to store and embed the malicious script into the admin notification page. The exploit could be used to perfom any action with admin privileges such as managing content, adding users, uploading backdoors to the server, etc. Successful exploitation occurs when an admin user visits a notification page with stored cross-site scripting. |
Affected by 3 other vulnerabilities. |
|
VCID-6p55-zzdb-qybq
Aliases: CVE-2013-3943 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Cross-site scripting (XSS) vulnerability in DotNetNuke (DNN) allows remote authenticated users to inject arbitrary web script or HTML via vectors related to the Display Name field in the Manage Profile. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-83xb-rj89-dyeu
Aliases: CVE-2013-7335 GHSA-mj48-f959-pqph |
Improper Input Validation Open redirect vulnerability in DotNetNuke (DNN) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-f79t-dgkp-f3cy
Aliases: CVE-2017-9822 GHSA-x2rg-fmcv-crq5 |
Improper Input Validation DNN (aka DotNetNuke) has Remote Code Execution via a cookie, aka "2017-08 (Critical) Possible remote code execution on DNN sites." |
Affected by 1 other vulnerability. Affected by 6 other vulnerabilities. |
|
VCID-jqs5-zkws-43bu
Aliases: CVE-2016-7119 GHSA-5c66-x4wm-rjfx |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Cross-site scripting (XSS) vulnerability in the user-profile biography section in DotNetNuke (DNN) allows remote authenticated users to inject arbitrary web script or HTML via a crafted onclick attribute in an IMG element. |
Affected by 0 other vulnerabilities. Affected by 7 other vulnerabilities. |
|
VCID-m5hg-ajyc-3qf1
Aliases: CVE-2020-5187 GHSA-4qf5-7xc2-wqpg |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') DNN (formerly DotNetNuke) allows Path Traversal. |
Affected by 1 other vulnerability. Affected by 0 other vulnerabilities. |
|
VCID-p8d6-bm6x-pkge
Aliases: CVE-2013-4649 GHSA-rvrj-j7cc-236p |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Cross-site scripting (XSS) vulnerability in DotNetNuke (DNN) allows remote attackers to inject arbitrary web script or HTML via the __dnnVariable parameter to the default URI. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-qscj-d21p-nfby
Aliases: CVE-2020-5186 GHSA-9phr-h5mx-4fp6 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') DNN (formerly DotNetNuke) allows XSS. |
Affected by 1 other vulnerability. Affected by 0 other vulnerabilities. |
|
VCID-xn9v-vadd-zyd1
Aliases: CVE-2017-0929 GHSA-g8j6-m4p7-5rfq |
DNN (aka DotNetNuke) suffers from a Server-Side Request Forgery (SSRF) vulnerability in the DnnImageHandler class. Attackers may be able to access information about internal network resources. |
Affected by 3 other vulnerabilities. Affected by 8 other vulnerabilities. |
|
VCID-y9ym-w5m9-e3bs
Aliases: CVE-2020-5188 GHSA-vjcm-j85r-7p68 |
Incorrect Resource Transfer Between Spheres DNN (formerly DotNetNuke) has Insecure Permissions. |
Affected by 1 other vulnerability. Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||