Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:nuget/DotNetNuke.Core@9.4.0
purl pkg:nuget/DotNetNuke.Core@9.4.0
Next non-vulnerable version 9.6.0
Latest non-vulnerable version 10.2.2
Risk 4.0
Vulnerabilities affecting this package (3)
Vulnerability Summary Fixed by
VCID-m5hg-ajyc-3qf1
Aliases:
CVE-2020-5187
GHSA-4qf5-7xc2-wqpg
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') DNN (formerly DotNetNuke) allows Path Traversal.
9.5.0
Affected by 1 other vulnerability.
9.13.0-ci0000
Affected by 0 other vulnerabilities.
VCID-qscj-d21p-nfby
Aliases:
CVE-2020-5186
GHSA-9phr-h5mx-4fp6
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') DNN (formerly DotNetNuke) allows XSS.
9.5.0
Affected by 1 other vulnerability.
9.13.0-ci0000
Affected by 0 other vulnerabilities.
VCID-y9ym-w5m9-e3bs
Aliases:
CVE-2020-5188
GHSA-vjcm-j85r-7p68
Incorrect Resource Transfer Between Spheres DNN (formerly DotNetNuke) has Insecure Permissions.
9.5.0
Affected by 1 other vulnerability.
9.13.0-ci0000
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-3e7c-8uk1-ruch Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Stored Cross-Site Scripting in DotNetNuke (DNN) allows remote attackers to store and embed the malicious script into the admin notification page. The exploit could be used to perfom any action with admin privileges such as managing content, adding users, uploading backdoors to the server, etc. Successful exploitation occurs when an admin user visits a notification page with stored cross-site scripting. CVE-2019-12562
GHSA-5whq-j5qg-wjvp

Date Actor Action Vulnerability Source VulnerableCode Version
2026-06-05T21:10:22.055811+00:00 GHSA Importer Fixing VCID-3e7c-8uk1-ruch https://github.com/advisories/GHSA-5whq-j5qg-wjvp 38.6.0
2026-06-04T20:27:38.762852+00:00 GitLab Importer Affected by VCID-y9ym-w5m9-e3bs https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/DotNetNuke.Core/CVE-2020-5188.yml 38.6.0
2026-06-04T20:27:38.061651+00:00 GitLab Importer Affected by VCID-m5hg-ajyc-3qf1 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/DotNetNuke.Core/CVE-2020-5187.yml 38.6.0
2026-06-04T20:27:31.492061+00:00 GitLab Importer Affected by VCID-qscj-d21p-nfby https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/DotNetNuke.Core/CVE-2020-5186.yml 38.6.0
2026-06-04T17:42:34.880679+00:00 GithubOSV Importer Fixing VCID-3e7c-8uk1-ruch https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/11/GHSA-5whq-j5qg-wjvp/GHSA-5whq-j5qg-wjvp.json 38.6.0
2026-06-04T16:19:35.504791+00:00 GitLab Importer Fixing VCID-3e7c-8uk1-ruch https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/DotNetNuke.Core/CVE-2019-12562.yml 38.6.0