Filtered by vendor Dnnsoftware Subscriptions

Search

Switch to Advanced Search (Beta)
Total 26 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2020-11585 1 Dnnsoftware 1 Dotnetnuke 2024-11-21 4.3 Medium
There is an information disclosure issue in DNN (formerly DotNetNuke) 9.5 within the built-in Activity-Feed/Messaging/Userid/ Message Center module. A registered user is able to enumerate any file in the Admin File Manager (other than ones contained in a secure folder) by sending themselves a message with the file attached, e.g., by using an arbitrary small integer value in the fileIds parameter.
CVE-2019-12562 1 Dnnsoftware 1 Dotnetnuke 2024-11-21 6.1 Medium
Stored Cross-Site Scripting in DotNetNuke (DNN) Version before 9.4.0 allows remote attackers to store and embed the malicious script into the admin notification page. The exploit could be used to perfom any action with admin privileges such as managing content, adding users, uploading backdoors to the server, etc. Successful exploitation occurs when an admin user visits a notification page with stored cross-site scripting.
CVE-2018-18326 1 Dnnsoftware 1 Dotnetnuke 2024-11-21 7.5 High
DNN (aka DotNetNuke) 9.2 through 9.2.2 incorrectly converts encryption key source values, resulting in lower than expected entropy. NOTE: this issue exists because of an incomplete fix for CVE-2018-15812.
CVE-2018-15812 1 Dnnsoftware 1 Dotnetnuke 2024-11-21 7.5 High
DNN (aka DotNetNuke) 9.2 through 9.2.1 incorrectly converts encryption key source values, resulting in lower than expected entropy.
CVE-2018-14486 1 Dnnsoftware 1 Dotnetnuke 2024-11-21 N/A
DNN (formerly DotNetNuke) 9.1.1 allows cross-site scripting (XSS) via XML.
CVE-2017-0929 1 Dnnsoftware 1 Dotnetnuke 2024-11-21 N/A
DNN (aka DotNetNuke) before 9.2.0 suffers from a Server-Side Request Forgery (SSRF) vulnerability in the DnnImageHandler class. Attackers may be able to access information about internal network resources.