VulnerableCode Package Details - pkg:nuget/DotNetNuke.Core@9.0.0

Search for packages

Vulnerability	Summary	Fixed by
VCID-cs7y-gg46-r3ca Aliases: CVE-2026-24836 GHSA-2g5g-hcgh-q3rp	DotNetNuke.Core Vulnerable to Stored XSS in Scheduler LogNotes Extensions could write richtext in log notes which can include scripts that would run in the PersonaBar when displayed.	10.2.0 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-q3bw-2pvk-17dg Aliases: CVE-2026-24837 GHSA-vm5q-8qww-h238	DotNetNuke.Core Vulnerable to Stored XSS in Module Deletion Confirmation Modal A module friendly name could include scripts that will run during some module operations in the Persona Bar.	10.2.0 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-q97q-u1zk-rqhd Aliases: CVE-2026-24784 GHSA-jjwg-4948-6wxp	DotNetNuke.Core has a potential XSS vulnerability in modules' header and footer A content editor could inject scripts in module headers/footers that would run for other users.	9.13.10 Affected by 0 other vulnerabilities. 10.2.0 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-cs7y-gg46-r3ca
Aliases:
CVE-2026-24836
GHSA-2g5g-hcgh-q3rp

DotNetNuke.Core Vulnerable to Stored XSS in Scheduler LogNotes Extensions could write richtext in log notes which can include scripts that would run in the PersonaBar when displayed.

10.2.0
Affected by 4 other vulnerabilities.

VCID-q3bw-2pvk-17dg
Aliases:
CVE-2026-24837
GHSA-vm5q-8qww-h238

DotNetNuke.Core Vulnerable to Stored XSS in Module Deletion Confirmation Modal A module friendly name could include scripts that will run during some module operations in the Persona Bar.

10.2.0
Affected by 4 other vulnerabilities.

VCID-q97q-u1zk-rqhd
Aliases:
CVE-2026-24784
GHSA-jjwg-4948-6wxp

DotNetNuke.Core has a potential XSS vulnerability in modules' header and footer A content editor could inject scripts in module headers/footers that would run for other users.

9.13.10
Affected by 0 other vulnerabilities.

10.2.0
Affected by 4 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-05T21:57:29.570696+00:00	GHSA Importer	Affected by	VCID-q3bw-2pvk-17dg	https://github.com/advisories/GHSA-vm5q-8qww-h238	38.6.0
2026-06-05T21:57:29.258755+00:00	GHSA Importer	Affected by	VCID-cs7y-gg46-r3ca	https://github.com/advisories/GHSA-2g5g-hcgh-q3rp	38.6.0
2026-06-05T21:57:28.642663+00:00	GHSA Importer	Affected by	VCID-q97q-u1zk-rqhd	https://github.com/advisories/GHSA-jjwg-4948-6wxp	38.6.0
2026-06-02T04:49:47.579888+00:00	GitLab Importer	Affected by	VCID-cs7y-gg46-r3ca	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/DotNetNuke.Core/CVE-2026-24836.yml	38.6.0
2026-06-02T04:49:47.087501+00:00	GitLab Importer	Affected by	VCID-q3bw-2pvk-17dg	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/DotNetNuke.Core/CVE-2026-24837.yml	38.6.0
2026-06-02T04:49:46.974409+00:00	GitLab Importer	Affected by	VCID-q97q-u1zk-rqhd	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/DotNetNuke.Core/CVE-2026-24784.yml	38.6.0