VYPR

Dnn.platform

by Dnnsoftware

nuget: dnn.platform

Source repositories

CVEs (31)

  • CVE-2025-48377May 23, 2025
    risk 0.00cvss epss 0.00

    DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 9.13.9, a specially crafted URL may be constructed which can inject an XSS payload that is triggered by using some module actions. Version 9.13.9 fixes…

  • CVE-2025-48378May 23, 2025
    risk 0.00cvss epss 0.00

    DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 9.13.9, uploaded SVG files could contain scripts and if rendered inline those scripts could run allowing XSS attacks. Version 9.13.9 fixes the issue.

  • CVE-2025-48376May 23, 2025
    risk 0.00cvss epss 0.00

    DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 9.13.9, a malicious SuperUser (Host) could craft a request to use an external url for a site export to then be imported. Version 9.13.9 fixes the issue.

  • CVE-2025-32374Apr 9, 2025
    risk 0.00cvss epss 0.00

    DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Possible denial of service with specially crafted information in the public registration form. This vulnerability is fixed in 9.13.8.

  • CVE-2025-32373Apr 9, 2025
    risk 0.00cvss epss 0.00

    DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. In limited configurations, registered users may be able to craft a request to enumerate/access some portal files they should not have access to. This vulnerability is…

  • CVE-2025-32372Apr 9, 2025
    risk 0.00cvss epss 0.00

    DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. A bypass has been identified for the previously known vulnerability CVE-2017-0929, allowing unauthenticated attackers to execute arbitrary GET requests against target…

  • CVE-2025-32371Apr 9, 2025
    risk 0.00cvss epss 0.00

    DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. A url could be crafted to the DNN ImageHandler to render text from a querystring parameter. This text would display in the resulting image and a user that trusts the…

  • CVE-2025-32036Apr 8, 2025
    risk 0.00cvss epss 0.00

    DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. The algorithm used to generate the captcha image shows the least complexity of the desired image. For this reason, the created image can be easily read by OCR tools, and…

  • CVE-2025-32035Apr 8, 2025
    risk 0.00cvss epss 0.00

    DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to 9.13.2, when uploading files (e.g. when uploading assets), the file extension is checked to see if it's an allowed file type but the actual contents of the file…

  • CVE-2022-2922Sep 30, 2022
    risk 0.00cvss epss 0.01

    Relative Path Traversal in GitHub repository dnnsoftware/dnn.platform prior to 9.11.0.

  • CVE-2021-40186May 31, 2022
    risk 0.00cvss epss 0.01

    The AppCheck research team identified a Server-Side Request Forgery (SSRF) vulnerability within the DNN CMS platform, formerly known as DotNetNuke. SSRF vulnerabilities allow the attacker to exploit the target system to make network requests on their behalf, allowing a range of…

Page 2 of 2