Filtered by vendor Dotnetnuke
Subscribe
Total
29 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-7335 | 1 Dotnetnuke | 1 Dotnetnuke | 2014-03-13 | 4.3 MEDIUM | N/A |
| Open redirect vulnerability in DotNetNuke (DNN) before 6.2.9 and 7.x before 7.1.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||||
| CVE-2013-3943 | 1 Dotnetnuke | 1 Dotnetnuke | 2014-03-13 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in DotNetNuke (DNN) before 6.2.9 and 7.x before 7.1.1 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to the Display Name field in the Manage Profile. | |||||
| CVE-2012-1030 | 1 Dotnetnuke | 1 Dotnetnuke | 2012-04-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in DotNetNuke 6.x through 6.0.2 allows user-assisted remote attackers to inject arbitrary web script or HTML via a crafted URL containing text that is used within a modal popup. | |||||
| CVE-2012-1036 | 1 Dotnetnuke | 1 Dotnetnuke | 2012-04-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the telerik HTML editor in DotNetNuke before 5.6.4 and 6.x before 6.1.0 allows remote attackers to inject arbitrary web script or HTML via a message. | |||||
| CVE-2010-4514 | 1 Dotnetnuke | 1 Dotnetnuke | 2010-12-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Install/InstallWizard.aspx in DotNetNuke 5.05.01 and 5.06.00 allows remote attackers to inject arbitrary web script or HTML via the __VIEWSTATE parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-4109 | 1 Dotnetnuke | 1 Dotnetnuke | 2009-11-29 | 5.0 MEDIUM | N/A |
| The install wizard in DotNetNuke 4.0 through 5.1.4 does not prevent anonymous users from accessing functionality related to determination of the need for an upgrade, which allows remote attackers to access version information and possibly other sensitive information. | |||||
| CVE-2008-6541 | 1 Dotnetnuke | 1 Dotnetnuke | 2009-08-18 | 6.8 MEDIUM | N/A |
| Unrestricted file upload vulnerability in the file manager module in DotNetNuke before 4.8.2 allows remote administrators to upload arbitrary files and gain privileges to the server via unspecified vectors. | |||||
| CVE-2009-1366 | 1 Dotnetnuke | 1 Dotnetnuke | 2009-05-13 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Website\admin\Sales\paypalipn.aspx in DotNetNuke (DNN) before 4.9.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "name/value pairs" and "paypal IPN functionality." | |||||
| CVE-2008-6399 | 1 Dotnetnuke | 1 Dotnetnuke | 2009-03-05 | 6.4 MEDIUM | N/A |
| Unspecified vulnerability in DotNetNuke 4.5.2 through 4.9 allows remote attackers to "add additional roles to their user account" via unknown attack vectors. | |||||