
CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

12 Apr 2023 — An arbitrary file upload vulnerability in the Digital Assets Manager module of DNN Corp DotNetNuke v7.0.0 to v9.10.2 allows attackers to execute arbitrary code via a crafted SVG file. • https://www.dnnsoftware.com/community/security/security-center • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 1

30 Sep 2022 — Relative Path Traversal in GitHub repository dnnsoftware/dnn.platform prior to 9.11.0. • https://github.com/dnnsoftware/dnn.platform/commit/9b17351592fbde376506ba6705dbcc7a74a2a195 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') • CWE-23: Relative Path Traversal

CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

20 Jul 2022 — DotNetNuke (DNN) 9.9.1 CMS is vulnerable to a Stored Cross-Site Scripting vulnerability in the user profile biography section which allows remote authenticated users to inject arbitrary code via a crafted payload. • https://labs.integrity.pt/advisories/cve-2021-31858 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

31 May 2022 — The AppCheck research team identified a Server-Side Request Forgery (SSRF) vulnerability within the DNN CMS platform, formerly known as DotNetNuke. SSRF vulnerabilities allow the attacker to exploit the target system to make network requests on their behalf, allowing a range of possible attacks. In the most common scenario, the attacker exploits SSRF vulnerabilities to attack systems behind the firewall and access sensitive information from Cloud Provider metadata services. • https://appcheck-ng.com/dnn-cms-server-side-request-forgery-cve-2021-40186 • CWE-918: Server-Side Request Forgery (SSRF)

CVSS: 4.3 • EPSS: 0% • CPEs: 1 • EXPL: 1

06 Apr 2020 — There is an information disclosure issue in DNN (formerly DotNetNuke) 9.5 within the built-in Activity-Feed/Messaging/Userid/ Message Center module. A registered user is able to enumerate any file in the Admin File Manager (other than ones contained in a secure folder) by sending themselves a message with the file attached, e.g., by using an arbitrary small integer value in the fileIds parameter. • https://neff.blog/2020/04/04/dotnetnuke-9-5-file-path-information-disclosure • CWE-330: Use of Insufficiently Random Values • CWE-639: Authorization Bypass Through User-Controlled Key

CVSS: 5.4 • EPSS: 0% • CPEs: 1 • EXPL: 2

24 Feb 2020 — DNN (formerly DotNetNuke) through 9.4.4 allows XSS (issue 1 of 2). Cross-site scripting attacks can be launched against DotNetNuke CMS version 9.5.0 by uploading a malicious XML file. • https://packetstorm.news/files/id/156483 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 8.8 • EPSS: 4% • CPEs: 1 • EXPL: 2

24 Feb 2020 — DNN (formerly DotNetNuke) through 9.4.4 allows Path Traversal (issue 2 of 2). DotNetNuke CMS version 9.4.4 suffers from a zip split issue where a directory traversal attack can be performed to overwrite files or execute malicious code. • https://packetstorm.news/files/id/156489 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 2

24 Feb 2020 — DNN (formerly DotNetNuke) through 9.4.4 has Insecure Permissions. DotNetNuke CMS version 9.5.0 suffers from a file extension check bypass vulnerability that allows for arbitrary file upload. • https://packetstorm.news/files/id/156484 • CWE-434: Unrestricted Upload of File with Dangerous Type • CWE-669: Incorrect Resource Transfer Between Spheres

CVSS: 6.1 • EPSS: 38% • CPEs: 1 • EXPL: 4

26 Sep 2019 — Stored Cross-Site Scripting in DotNetNuke (DNN) versions before 9.4.0 allows remote attackers to store and embed a malicious script into the admin notification page. The exploit could be used to perform any action with admin privileges such as managing content, adding users, uploading backdoors to the server, etc. Successful exploitation occurs when an admin user visits a notification page with stored cross-site scripting. A cross-site scripting (XSS) vulnerability is possible in DNN (formerly... • https://packetstorm.news/files/id/154673 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.5 • EPSS: 76% • CPEs: 1 • EXPL: 3

03 Jul 2019 — DNN (aka DotNetNuke) 9.2 through 9.2.2 incorrectly converts encryption key source values, resulting in lower than expected entropy. NOTE: this issue exists because of an incomplete fix for CVE-2018-15812. • https://packetstorm.news/files/id/157080 • CWE-331: Insufficient Entropy