
CVE-2025-32374 – Possible Denial of Service (DoS) in DNN.PLATFORM registration
https://notcve.org/view.php?id=CVE-2025-32374
09 Apr 2025 — DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Possible denial of service with specially crafted information in the public registration form. This vulnerability is fixed in 9.13.8. • https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-vc6j-mcqj-rgfp • CWE-770: Allocation of Resources Without Limits or Throttling •

CVE-2025-32373 – DNN allows a registered user to enumerate and access files they should not have access to
https://notcve.org/view.php?id=CVE-2025-32373
09 Apr 2025 — DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. In limited configurations, registered users may be able to craft a request to enumerate/access some portal files they should not have access to. This vulnerability is fixed in 9.13.8. • https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-vxcm-4rwh-chpc • CWE-639: Authorization Bypass Through User-Controlled Key •

CVE-2025-32372 – Server-Side Request Forgery (SSRF) in DotNetNuke.Core
https://notcve.org/view.php?id=CVE-2025-32372
09 Apr 2025 — DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. A bypass has been identified for the previously known vulnerability CVE-2017-0929, allowing unauthenticated attackers to execute arbitrary GET requests against target systems, including internal or adjacent networks. This vulnerability facilitates a semi-blind SSRF attack, allowing attackers to make the target server send requests to internal or external URLs without viewing the full responses. Pote... • https://github.com/dnnsoftware/Dnn.Platform/commit/4721dd9eef846936d3b1a3676499e46968d15feb • CWE-918: Server-Side Request Forgery (SSRF) •

CVE-2025-32371 – Unexpected external content may be displayed in DNN ImageHandler
https://notcve.org/view.php?id=CVE-2025-32371
09 Apr 2025 — DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. A URL could be crafted to the DNN ImageHandler to render text from a query string parameter. This text would display in the resulting image, and a user who trusts the domain might think that the information is legitimate. This vulnerability is fixed in 9.13.4. • https://github.com/dnnsoftware/Dnn.Platform/commit/5def7cc2e7931bb1041b21540bde99f96874a5a9 • CWE-451: User Interface (UI) Misrepresentation of Critical Information •

CVE-2025-32036 – DNN allows the possibility of bypassing Captcha
https://notcve.org/view.php?id=CVE-2025-32036
08 Apr 2025 — DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. The algorithm used to generate the captcha image produces images of very low complexity. As a result, the generated image can be easily read by OCR tools, and an attacker can build a bot that uses such a tool to send automated requests. This vulnerability is fixed in 9.13.8. • https://github.com/dnnsoftware/Dnn.Platform/commit/abda726e75f1938c8d89795b5dceb80dc4e2e6c5 • CWE-804: Guessable CAPTCHA •

CVE-2025-32035 – DNN does not check the contents of a file when uploading files
https://notcve.org/view.php?id=CVE-2025-32035
08 Apr 2025 — DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to 9.13.2, when uploading files (e.g. when uploading assets), the file extension is checked to see if it's an allowed file type but the actual contents of the file aren't checked. This means that it's possible to e.g. upload an executable file renamed to be a .jpg. This file could then be executed by another security vulnerability. This vulnerability is fixed in 9.13.2. • https://github.com/dnnsoftware/Dnn.Platform/commit/a5c13c3836cfbde374dc19dac032cd51af41050a • CWE-351: Insufficient Type Distinction •

CVE-2022-47053
https://notcve.org/view.php?id=CVE-2022-47053
12 Apr 2023 — An arbitrary file upload vulnerability in the Digital Assets Manager module of DNN Corp DotNetNuke v7.0.0 to v9.10.2 allows attackers to execute arbitrary code via a crafted SVG file. • https://www.dnnsoftware.com/community/security/security-center • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2022-2922 – Relative Path Traversal in dnnsoftware/dnn.platform
https://notcve.org/view.php?id=CVE-2022-2922
30 Sep 2022 — Relative Path Traversal in GitHub repository dnnsoftware/dnn.platform prior to 9.11.0. • https://github.com/dnnsoftware/dnn.platform/commit/9b17351592fbde376506ba6705dbcc7a74a2a195 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') • CWE-23: Relative Path Traversal •

CVE-2021-31858
https://notcve.org/view.php?id=CVE-2021-31858
20 Jul 2022 — DotNetNuke (DNN) 9.9.1 CMS is vulnerable to a Stored Cross-Site Scripting vulnerability in the user profile biography section which allows remote authenticated users to inject arbitrary code via a crafted payload. • https://labs.integrity.pt/advisories/cve-2021-31858 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2021-40186 – DNN CMS Server-Side Request Forgery (SSRF)
https://notcve.org/view.php?id=CVE-2021-40186
31 May 2022 — The AppCheck research team identified a Server-Side Request Forgery (SSRF) vulnerability within the DNN CMS platform, formerly known as DotNetNuke. SSRF vulnerabilities allow the attacker to exploit the target system to make network requests on their behalf, allowing a range of possible attacks. In the most common scenario, the attacker exploits SSRF vulnerabilities to attack systems behind the firewall and access sensitive information from Cloud Provider metadata services. • https://appcheck-ng.com/dnn-cms-server-side-request-forgery-cve-2021-40186 • CWE-918: Server-Side Request Forgery (SSRF) •