VulnerableCode Package Details - pkg:nuget/DotNetNuke.Core@9.3.2

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:nuget/DotNetNuke.Core@9.3.2

Essentials
History (4)

purl	pkg:nuget/DotNetNuke.Core@9.3.2

Next non-vulnerable version	9.6.0
Latest non-vulnerable version	10.2.2
Risk

Vulnerabilities affecting this package (4)

Vulnerability	Summary	Fixed by
VCID-3e7c-8uk1-ruch Aliases: CVE-2019-12562 GHSA-5whq-j5qg-wjvp	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Stored Cross-Site Scripting in DotNetNuke (DNN) allows remote attackers to store and embed the malicious script into the admin notification page. The exploit could be used to perfom any action with admin privileges such as managing content, adding users, uploading backdoors to the server, etc. Successful exploitation occurs when an admin user visits a notification page with stored cross-site scripting.	9.4.0 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-m5hg-ajyc-3qf1 Aliases: CVE-2020-5187 GHSA-4qf5-7xc2-wqpg	Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') DNN (formerly DotNetNuke) allows Path Traversal.	9.5.0 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 9.13.0-ci0000 Affected by 0 other vulnerabilities.
VCID-qscj-d21p-nfby Aliases: CVE-2020-5186 GHSA-9phr-h5mx-4fp6	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') DNN (formerly DotNetNuke) allows XSS.	9.5.0 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 9.13.0-ci0000 Affected by 0 other vulnerabilities.
VCID-y9ym-w5m9-e3bs Aliases: CVE-2020-5188 GHSA-vjcm-j85r-7p68	Incorrect Resource Transfer Between Spheres DNN (formerly DotNetNuke) has Insecure Permissions.	9.5.0 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 9.13.0-ci0000 Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-04T20:27:38.758153+00:00	GitLab Importer	Affected by	VCID-y9ym-w5m9-e3bs	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/DotNetNuke.Core/CVE-2020-5188.yml	38.6.0
2026-06-04T20:27:38.057402+00:00	GitLab Importer	Affected by	VCID-m5hg-ajyc-3qf1	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/DotNetNuke.Core/CVE-2020-5187.yml	38.6.0
2026-06-04T20:27:31.487589+00:00	GitLab Importer	Affected by	VCID-qscj-d21p-nfby	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/DotNetNuke.Core/CVE-2020-5186.yml	38.6.0
2026-06-04T20:24:43.079201+00:00	GitLab Importer	Affected by	VCID-3e7c-8uk1-ruch	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/DotNetNuke.Core/CVE-2019-12562.yml	38.6.0