VulnerableCode Package Details - pkg:nuget/DotNetNuke.Core@9.2.0.366

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:nuget/DotNetNuke.Core@9.2.0.366

Essentials
History (10)

purl	pkg:nuget/DotNetNuke.Core@9.2.0.366

Next non-vulnerable version	9.6.0
Latest non-vulnerable version	10.2.2
Risk	10.0

Vulnerabilities affecting this package (8)

Vulnerability	Summary	Fixed by
VCID-2dnh-g597-juce Aliases: CVE-2018-18325 GHSA-j3g9-6fx5-gjv7	Inadequate Encryption Strength in DotNetNuke DNN (aka DotNetNuke) 9.2 through 9.2.2 uses a weak encryption algorithm to protect input parameters. NOTE: this issue exists because of an incomplete fix for CVE-2018-15811.	9.3.0 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-3e7c-8uk1-ruch Aliases: CVE-2019-12562 GHSA-5whq-j5qg-wjvp	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Stored Cross-Site Scripting in DotNetNuke (DNN) allows remote attackers to store and embed the malicious script into the admin notification page. The exploit could be used to perfom any action with admin privileges such as managing content, adding users, uploading backdoors to the server, etc. Successful exploitation occurs when an admin user visits a notification page with stored cross-site scripting.	9.4.0 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-dnf9-9hrt-1qfx Aliases: CVE-2018-15811 GHSA-h595-8pw6-5q6v	Inadequate Encryption Strength in DotNetNuke DNN (aka DotNetNuke) 9.2 through 9.2.1 uses a weak encryption algorithm to protect input parameters.	9.2.2 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 9.3.0 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-jw1r-pvtw-d3bz Aliases: CVE-2018-15812 GHSA-pf46-gqg9-j3v3	Insufficient Entropy DNN (aka DotNetNuke) incorrectly converts encryption key source values, resulting in lower than expected entropy.	9.2.1.533 Affected by 7 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 9.2.2 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 9.3.0 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-m5hg-ajyc-3qf1 Aliases: CVE-2020-5187 GHSA-4qf5-7xc2-wqpg	Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') DNN (formerly DotNetNuke) allows Path Traversal.	9.5.0 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 9.13.0-ci0000 Affected by 0 other vulnerabilities.
VCID-qscj-d21p-nfby Aliases: CVE-2020-5186 GHSA-9phr-h5mx-4fp6	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') DNN (formerly DotNetNuke) allows XSS.	9.5.0 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 9.13.0-ci0000 Affected by 0 other vulnerabilities.
VCID-uk5d-ubkt-6fhn Aliases: CVE-2018-18326 GHSA-xx3h-j3cx-8qfj	Insufficient Entropy DNN (aka DotNetNuke) incorrectly converts encryption key source values, resulting in lower than expected entropy. NOTE: this issue exists because of an incomplete fix for CVE-2018-15812.	9.3.0 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-y9ym-w5m9-e3bs Aliases: CVE-2020-5188 GHSA-vjcm-j85r-7p68	Incorrect Resource Transfer Between Spheres DNN (formerly DotNetNuke) has Insecure Permissions.	9.5.0 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 9.13.0-ci0000 Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (1)

Vulnerability	Summary	Aliases
VCID-xn9v-vadd-zyd1	DNN (aka DotNetNuke) suffers from a Server-Side Request Forgery (SSRF) vulnerability in the DnnImageHandler class. Attackers may be able to access information about internal network resources.	CVE-2017-0929 GHSA-g8j6-m4p7-5rfq

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-04T20:27:38.741211+00:00	GitLab Importer	Affected by	VCID-y9ym-w5m9-e3bs	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/DotNetNuke.Core/CVE-2020-5188.yml	38.6.0
2026-06-04T20:27:38.040399+00:00	GitLab Importer	Affected by	VCID-m5hg-ajyc-3qf1	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/DotNetNuke.Core/CVE-2020-5187.yml	38.6.0
2026-06-04T20:27:31.470011+00:00	GitLab Importer	Affected by	VCID-qscj-d21p-nfby	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/DotNetNuke.Core/CVE-2020-5186.yml	38.6.0
2026-06-04T20:24:43.071857+00:00	GitLab Importer	Affected by	VCID-3e7c-8uk1-ruch	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/DotNetNuke.Core/CVE-2019-12562.yml	38.6.0
2026-06-04T20:23:16.141665+00:00	GitLab Importer	Affected by	VCID-2dnh-g597-juce	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/DotNetNuke.Core/CVE-2018-18325.yml	38.6.0
2026-06-04T20:23:15.745538+00:00	GitLab Importer	Affected by	VCID-dnf9-9hrt-1qfx	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/DotNetNuke.Core/CVE-2018-15811.yml	38.6.0
2026-06-04T20:23:13.368726+00:00	GitLab Importer	Affected by	VCID-uk5d-ubkt-6fhn	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/DotNetNuke.Core/CVE-2018-18326.yml	38.6.0
2026-06-04T20:23:12.741606+00:00	GitLab Importer	Affected by	VCID-jw1r-pvtw-d3bz	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/DotNetNuke.Core/CVE-2018-15812.yml	38.6.0
2026-06-04T18:21:07.351782+00:00	GHSA Importer	Fixing	VCID-xn9v-vadd-zyd1	https://github.com/advisories/GHSA-g8j6-m4p7-5rfq	38.6.0
2026-06-02T04:37:58.563150+00:00	GitLab Importer	Fixing	VCID-xn9v-vadd-zyd1	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/DotNetNuke.Core/CVE-2017-0929.yml	38.6.0