Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Dotnetnuke Subscribe
Filtered by product Dotnetnuke
Total 28 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2013-3943 1 Dotnetnuke 1 Dotnetnuke 2014-03-13 3.5 LOW N/A
Cross-site scripting (XSS) vulnerability in DotNetNuke (DNN) before 6.2.9 and 7.x before 7.1.1 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to the Display Name field in the Manage Profile.
CVE-2012-1030 1 Dotnetnuke 1 Dotnetnuke 2012-04-11 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in DotNetNuke 6.x through 6.0.2 allows user-assisted remote attackers to inject arbitrary web script or HTML via a crafted URL containing text that is used within a modal popup.
CVE-2012-1036 1 Dotnetnuke 1 Dotnetnuke 2012-04-11 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the telerik HTML editor in DotNetNuke before 5.6.4 and 6.x before 6.1.0 allows remote attackers to inject arbitrary web script or HTML via a message.
CVE-2010-4514 1 Dotnetnuke 1 Dotnetnuke 2010-12-09 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Install/InstallWizard.aspx in DotNetNuke 5.05.01 and 5.06.00 allows remote attackers to inject arbitrary web script or HTML via the __VIEWSTATE parameter. NOTE: some of these details are obtained from third party information.
CVE-2009-4109 1 Dotnetnuke 1 Dotnetnuke 2009-11-29 5.0 MEDIUM N/A
The install wizard in DotNetNuke 4.0 through 5.1.4 does not prevent anonymous users from accessing functionality related to determination of the need for an upgrade, which allows remote attackers to access version information and possibly other sensitive information.
CVE-2008-6541 1 Dotnetnuke 1 Dotnetnuke 2009-08-18 6.8 MEDIUM N/A
Unrestricted file upload vulnerability in the file manager module in DotNetNuke before 4.8.2 allows remote administrators to upload arbitrary files and gain privileges to the server via unspecified vectors.
CVE-2009-1366 1 Dotnetnuke 1 Dotnetnuke 2009-05-13 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Website\admin\Sales\paypalipn.aspx in DotNetNuke (DNN) before 4.9.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "name/value pairs" and "paypal IPN functionality."
CVE-2008-6399 1 Dotnetnuke 1 Dotnetnuke 2009-03-05 6.4 MEDIUM N/A
Unspecified vulnerability in DotNetNuke 4.5.2 through 4.9 allows remote attackers to "add additional roles to their user account" via unknown attack vectors.