pkg:NuGet/DotNetNuke.Core

All known vulnerabilities

• HIGH8.8CVE-2017-9822⚠ KEVDNN (aka DotNetNuke) has Remote Code Execution via a cookie
  from 0, < 9.1.1
• HIGH7.5CVE-2018-15811⚠ KEVInadequate Encryption Strength in DotNetNuke
  >= 9.2.0, < 9.2.2
• HIGH7.5⚠ KEVInadequate Encryption Strength in DotNetNuke
  from 0, < 9.3.0
• CRITICAL9.8The installation wizard in DotNetNuke (DNN) allows privilege escalation
  from 0, < 7.4.1
• CRITICAL9.1DotNetNuke.Core Vulnerable to Stored XSS via Module Title
  from 0, < 9.13.10
• CRITICAL9.0DNN Vulnerable to Stored Cross-Site Scripting (XSS) in the Prompt module
  from 0, < 10.1.0
• HIGH8.8DNN Path Traversal via Zip Slip
  from 0, < 9.5.0
• HIGH8.0DotNetNuke.Core has stored cross-site-scripting (XSS) via SVG upload
  from 0, < 10.2.2
• HIGH7.6DotNetNuke.Core Vulnerable to Stored XSS in Module Deletion Confirmation Modal
  >= 9.0.0, <= 9.13.9
• HIGH7.6DotNetNuke.Core Vulnerable to Stored XSS in Scheduler LogNotes
  >= 9.0.0, <= 9.13.9
• HIGH7.5Insufficient Entropy in DotNetNuke
  >= 9.2.0, < 9.2.2
• HIGH7.5Insufficient Entropy in DotNetNuke
  from 0, < 9.3.0
• HIGH7.5High severity vulnerability that affects DotNetNuke.Core
  from 0, < 9.2.0
• MEDIUM6.9DotNetNuke.Core has a potential XSS vulnerability in modules' header and footer
  >= 9.0.0, < 9.13.10
• MEDIUM6.5DNN: Same HostGUID for all new installs
  >= 10.0.0, < 10.2.2
• MEDIUM6.5DNN vulnerable to Reflected Cross-Site Scripting (XSS) using url to profile
  from 0, < 10.1.0
• MEDIUM6.5DNN allows loading unused themes on anonymous clients through query parameters
  from 0, < 10.1.0
• MEDIUM6.5DotNetNuke.Core Vulnerable to Server-Side Request Forgery (SSRF)
  from 0, < 9.13.8
• MEDIUM6.5DNN File Upload Vulnerability
  from 0, <= 9.4.4
• MEDIUM6.4DNN vulnerable to stored cross-site-scripting (XSS) via SVG upload
  from 0, < 10.1.1
• MEDIUM6.3DNN affected by Stored Cross-Site Scripting (XSS) in Profile Biography field
  from 0, < 10.1.0
• MEDIUM6.1DNN XSS Vulnerability
  from 0, <= 9.1.1
• MEDIUM6.1Stored Cross-Site Scripting vulnerability in admin component of DotNetNuke
  from 0, < 9.4.0
• MEDIUM5.4DNN XSS Vulnerability
  from 0, <= 9.4.4
• MEDIUM5.4Cross-site scripting (XSS) vulnerability in the user-profile biography section in DotNetNuke (DNN)
  from 0, < 8.0.1
• MEDIUM4.9DNN vulnerable to Relative Path Traversal
  from 0, < 9.11.0
• MEDIUM4.3DNN: Force Friend Request Acceptance
  >= 6.0.0, < 10.2.2
• MEDIUM4.0DotNetNuke (DNN) Open redirect vulnerability
  from 0, < 6.2.9
• LOW2.4DNN Vulnerable to Stored XSS Using Backend Admin Credentials
  from 0, < 10.1.0
• —DNN allows Stored Cross-Site Scripting (XSS) with svg files rendered inline
  from 0, < 9.13.9
• —Reflected Cross-Site Scripting (XSS) in module actions in edit mode
  from 0, < 9.13.9
• —DotNetNuke (DNN) Cross-site scripting (XSS) vulnerability via the __dnnVariable parameter
  from 0, < 6.2.9
• —DotNetNuke Default Machine Key Exposure
  from 0, < 4.8.2
• —DotNetNuke Vulnerable to XSS in Pass-Through Values
  from 0, < 03.02.01
• —Moderate severity vulnerability that affects DotNetNuke.Core
  from 0, < 7.4.0