VYPR
Vendor

DNN

Products
3
CVEs
11
Across products
11
Status
Private

Products

3

Recent CVEs

11
  • CVE-2018-9126CriApr 4, 2018
    risk 0.71cvss 9.8epss 0.50

    The DNNArticle module 11 for DNN (formerly DotNetNuke) allows remote attackers to read the web.config file, and consequently discover database credentials, via the /GetCSS.ashx/?CP=%2fweb.config URI.

  • CVE-2025-32373MedApr 9, 2025
    risk 0.42cvss 6.5epss 0.00

    DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. In limited configurations, registered users may be able to craft a request to enumerate/access some portal files they should not have access to. This vulnerability is…

  • CVE-2025-59548MedSep 23, 2025
    risk 0.40cvss 6.1epss 0.00

    DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.1.0, specially crafted URLs to the FileBrowser are vulnerable to javascript injection, affecting any unsuspecting user clicking such link. This issue…

  • CVE-2018-10138MedApr 16, 2018
    risk 0.40cvss 6.1epss 0.01

    The CATALooK.netStore module through 7.2.8 for DNN (formerly DotNetNuke) allows XSS via the /ViewEditGoogleMaps.aspx PortalID or CATSkin parameter, or the /ImageViewer.aspx link or desc parameter.

  • CVE-2025-32374MedApr 9, 2025
    risk 0.38cvss 5.9epss 0.00

    DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Possible denial of service with specially crafted information in the public registration form. This vulnerability is fixed in 9.13.8.

  • CVE-2025-59547MedSep 23, 2025
    risk 0.34cvss 5.3epss 0.00

    DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.1.0, the CKEditor file upload endpoint has insufficient sanitization for filenames allowing probing network endpoints. A specially crafted request…

  • CVE-2020-11585MedApr 6, 2020
    risk 0.28cvss 4.3epss 0.01

    There is an information disclosure issue in DNN (formerly DotNetNuke) 9.5 within the built-in Activity-Feed/Messaging/Userid/ Message Center module. A registered user is able to enumerate any file in the Admin File Manager (other than ones contained in a secure folder) by…

  • CVE-2026-24833Jan 27, 2026
    risk 0.00cvss epss 0.00

    DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to versions 9.13.10 and 10.2.0, a module could install with richtext in its description field which could contain scripts that will run for user in the Persona…

  • CVE-2025-32371MedApr 9, 2025
    risk 0.00cvss 4.3epss 0.00

    DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. A url could be crafted to the DNN ImageHandler to render text from a querystring parameter. This text would display in the resulting image and a user that trusts the…

  • CVE-2025-32036MedApr 8, 2025
    risk 0.00cvss 4.2epss 0.00

    DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. The algorithm used to generate the captcha image shows the least complexity of the desired image. For this reason, the created image can be easily read by OCR tools, and…

  • CVE-2025-32035LowApr 8, 2025
    risk 0.00cvss 2.6epss 0.00

    DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to 9.13.2, when uploading files (e.g. when uploading assets), the file extension is checked to see if it's an allowed file type but the actual contents of the file…