VYPR

DNN

by Dnnsoftware

CVEs (2)

  • CVE-2021-31858MedJul 20, 2022
    risk 0.35cvss 5.4epss 0.01

    DotNetNuke (DNN) 9.9.1 CMS is vulnerable to a Stored Cross-Site Scripting vulnerability in the user profile biography section which allows remote authenticated users to inject arbitrary code via a crafted payload.

  • CVE-2020-11585MedApr 6, 2020
    risk 0.28cvss 4.3epss 0.01

    There is an information disclosure issue in DNN (formerly DotNetNuke) 9.5 within the built-in Activity-Feed/Messaging/Userid/ Message Center module. A registered user is able to enumerate any file in the Admin File Manager (other than ones contained in a secure folder) by…