threat
engine
.sh
Back
·
··:··
Home
/
Product
/
dnnsoftware dotnetnuke
Product
dnnsoftware dotnetnuke
77 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
Sort
Newest first
Oldest first
Highest CVSS
Lowest CVSS
Min CVSS
Any
4.0+
7.0+ (High)
9.0+ (Critical)
Published since
Reset
CVE-2026-40321
< 10.2.2
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.
8.0
HIGH
CVE-2026-40306
>= 10.0.0 and < 10.2.2
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. All new installation
6.5
MEDIUM
CVE-2026-40305
>= 6.0.0 and < 10.2.2
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Starting in version
4.3
MEDIUM
CVE-2020-37103
<= 9.5.0
DotNetNuke 9.5 contains a persistent cross-site scripting vulnerability that allows normal users to upload malicious XML files wit
6.4
MEDIUM
CVE-2026-24838
< 9.13.10
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to versions 9.
9.1
CRITICAL
CVE-2026-24837
>= 9.0.0 and < 9.13.10
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Starting in version
7.6
HIGH
CVE-2026-24836
>= 9.0.0 and < 9.13.10
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Starting in version
7.6
HIGH
CVE-2026-24833
< 9.13.10
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to versions 9.
7.6
HIGH
CVE-2026-24784
>= 9.0.0 and < 9.13.10
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Starting in version
6.8
MEDIUM
CVE-2025-64095
< 10.1.1
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to 10.1.1, the
10.0
CRITICAL
CVE-2025-64094
< 10.1.1
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to 10.1.1, sa
6.4
MEDIUM
CVE-2025-62802
< 10.1.1
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to 10.1.1, the
4.3
MEDIUM
CVE-2025-59821
< 10.1.0
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.
6.5
MEDIUM
CVE-2025-59548
< 10.1.0
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.
6.1
MEDIUM
CVE-2025-59547
< 10.1.0
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.
5.3
MEDIUM
CVE-2025-59546
< 10.1.0
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.
2.4
LOW
CVE-2025-59545
< 10.1.0
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.
9.0
CRITICAL
CVE-2025-59539
< 10.1.0
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.
6.3
MEDIUM
CVE-2025-59535
< 10.1.0
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.
6.5
MEDIUM
CVE-2025-52488
>= 6.0.0 and < 10.0.1
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. In versions 6.0.0 to
8.6
HIGH
CVE-2025-52487
>= 7.0.0 and < 10.0.1
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. In versions 7.0.0 to
7.5
HIGH
CVE-2025-52486
>= 6.0.0 and < 10.0.1
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. In versions 6.0.0 to
6.1
MEDIUM
CVE-2025-52485
>= 6.0.0 and < 10.0.1
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. In versions 6.0.0 to
5.4
MEDIUM
CVE-2025-48378
< 9.13.9
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 9.1
5.4
MEDIUM
CVE-2025-48377
< 9.13.9
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 9.1
5.4
MEDIUM
CVE-2025-48376
< 9.13.9
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 9.1
3.5
LOW
CVE-2025-32374
< 9.13.8
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Possible denial of s
5.9
MEDIUM
CVE-2025-32373
< 9.13.8
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. In limited configura
6.5
MEDIUM
CVE-2025-32372
< 9.13.8
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. A bypass has been id
6.5
MEDIUM
CVE-2025-32371
< 9.13.4
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. A url could be craft
4.3
MEDIUM
CVE-2025-32036
< 9.13.8
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. The algorithm used t
4.2
MEDIUM
CVE-2025-32035
< 9.13.2
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to 9.13.2, whe
2.6
LOW
CVE-2022-47053
>= 7.0.0 and <= 9.10.2
An arbitrary file upload vulnerability in the Digital Assets Manager module of DNN Corp DotNetNuke v7.0.0 to v9.10.2 allows attack
5.4
MEDIUM
CVE-2022-2922
< 9.11.0
Relative Path Traversal in GitHub repository dnnsoftware/dnn.platform prior to 9.11.0.
4.9
MEDIUM
CVE-2021-31858
<= 9.10.2
DotNetNuke (DNN) 9.9.1 CMS is vulnerable to a Stored Cross-Site Scripting vulnerability in the user profile biography section whic
5.4
MEDIUM
CVE-2021-40186
<= 9.10.2
The AppCheck research team identified a Server-Side Request Forgery (SSRF) vulnerability within the DNN CMS platform, formerly kno
6.5
MEDIUM
CVE-2020-11585
all versions
There is an information disclosure issue in DNN (formerly DotNetNuke) 9.5 within the built-in Activity-Feed/Messaging/Userid/ Mess
4.3
MEDIUM
CVE-2020-5188
<= 9.4.4
DNN (formerly DotNetNuke) through 9.4.4 has Insecure Permissions.
6.5
MEDIUM
CVE-2020-5187
<= 9.4.4
DNN (formerly DotNetNuke) through 9.4.4 allows Path Traversal (issue 2 of 2).
8.8
HIGH
CVE-2020-5186
<= 9.4.4
DNN (formerly DotNetNuke) through 9.4.4 allows XSS (issue 1 of 2).
5.4
MEDIUM
CVE-2019-12562
< 9.4.0
Stored Cross-Site Scripting in DotNetNuke (DNN) Version before 9.4.0 allows remote attackers to store and embed the malicious scri
6.1
MEDIUM
CVE-2018-18326
>= 9.2 and <= 9.2.2
DNN (aka DotNetNuke) 9.2 through 9.2.2 incorrectly converts encryption key source values, resulting in lower than expected entropy
7.5
HIGH
CVE-2018-18325
>= 9.2 and <= 9.2.2
DNN (aka DotNetNuke) 9.2 through 9.2.2 uses a weak encryption algorithm to protect input parameters. NOTE: this issue exists becau
7.5
HIGH
CVE-2018-15812
>= 9.2 and <= 9.2.1
DNN (aka DotNetNuke) 9.2 through 9.2.1 incorrectly converts encryption key source values, resulting in lower than expected entropy
7.5
HIGH
CVE-2018-15811
>= 9.2 and <= 9.2.1
DNN (aka DotNetNuke) 9.2 through 9.2.1 uses a weak encryption algorithm to protect input parameters.
7.5
HIGH
CVE-2018-14486
all versions
DNN (formerly DotNetNuke) 9.1.1 allows cross-site scripting (XSS) via XML.
6.1
MEDIUM
CVE-2017-0929
< 9.2.0
DNN (aka DotNetNuke) before 9.2.0 suffers from a Server-Side Request Forgery (SSRF) vulnerability in the DnnImageHandler class. At
7.5
HIGH
CVE-2017-9822
< 9.1.1
DNN (aka DotNetNuke) before 9.1.1 has Remote Code Execution via a cookie, aka "2017-08 (Critical) Possible remote code execution o
8.8
HIGH
CVE-2015-2794
<= 07.04.00
The installation wizard in DotNetNuke (DNN) before 7.4.1 allows remote attackers to reinstall the application and gain SuperUser a
9.8
CRITICAL
CVE-2016-7119
<= 08.00.04
Cross-site scripting (XSS) vulnerability in the user-profile biography section in DotNetNuke (DNN) before 8.0.1 allows remote auth
5.4
MEDIUM
CVE-2015-1566
<= 07.03.04
Cross-site scripting (XSS) vulnerability in DotNetNuke (DNN) before 7.4.0 allows remote attackers to inject arbitrary web script o
CVE-2013-7335
<= 6.2.8
Open redirect vulnerability in DotNetNuke (DNN) before 6.2.9 and 7.x before 7.1.1 allows remote attackers to redirect users to arb
CVE-2013-4649
<= 6.2.8
Cross-site scripting (XSS) vulnerability in DotNetNuke (DNN) before 6.2.9 and 7.x before 7.1.1 allows remote attackers to inject a
CVE-2013-3943
<= 6.2.8
Cross-site scripting (XSS) vulnerability in DotNetNuke (DNN) before 6.2.9 and 7.x before 7.1.1 allows remote authenticated users t
CVE-2012-1036
<= 5.6.3
Cross-site scripting (XSS) vulnerability in the telerik HTML editor in DotNetNuke before 5.6.4 and 6.x before 6.1.0 allows remote
CVE-2012-1030
all versions
Cross-site scripting (XSS) vulnerability in DotNetNuke 6.x through 6.0.2 allows user-assisted remote attackers to inject arbitrary
CVE-2010-4514
all versions
Cross-site scripting (XSS) vulnerability in Install/InstallWizard.aspx in DotNetNuke 5.05.01 and 5.06.00 allows remote attackers t
CVE-2009-4110
all versions
Cross-site scripting (XSS) vulnerability in the search functionality in DotNetNuke 4.8 through 5.1.4 allows remote attackers to in
CVE-2009-4109
all versions
The install wizard in DotNetNuke 4.0 through 5.1.4 does not prevent anonymous users from accessing functionality related to determ
CVE-2008-7102
all versions
DotNetNuke 2.0 through 4.8.4 allows remote attackers to load .ascx files instead of skin files, and possibly access privileged fun
CVE-2008-7101
all versions
Unspecified vulnerability in DotNetNuke 4.0 through 4.8.4 and 5.0 allows remote attackers to obtain sensitive information (portal
CVE-2008-7100
all versions
Unspecified vulnerability in DotNetNuke 4.4.1 through 4.8.4 allows remote authenticated users to bypass authentication and gain pr
CVE-2009-1366
<= 4.9.2
Cross-site scripting (XSS) vulnerability in Website\admin\Sales\paypalipn.aspx in DotNetNuke (DNN) before 4.9.3 allows remote atta
CVE-2008-6733
all versions
Cross-site scripting (XSS) vulnerability in the error handling page in DotNetNuke 4.6.2 through 4.8.3 allows remote attackers to i
CVE-2008-6732
<= 4.8.3
Cross-site scripting (XSS) vulnerability in the Language skin object in DotNetNuke before 4.8.4 allows remote attackers to inject
CVE-2008-6644
<= 4.8.3
Cross-site scripting (XSS) vulnerability in Default.aspx in DotNetNuke 4.8.3 and earlier allows remote attackers to inject arbitra
CVE-2008-6542
<= 4.8.1
Unspecified vulnerability in the Skin Manager in DotNetNuke before 4.8.2 allows remote authenticated administrators to perform "se
CVE-2008-6541
<= 4.8.1
Unrestricted file upload vulnerability in the file manager module in DotNetNuke before 4.8.2 allows remote administrators to uploa
CVE-2008-6540
<= 4.8.1
DotNetNuke before 4.8.2, during installation or upgrade, does not warn the administrator when the default (1) ValidationKey and (2
CVE-2008-6399
all versions
Unspecified vulnerability in DotNetNuke 4.5.2 through 4.9 allows remote attackers to "add additional roles to their user account"
CVE-2007-0660
<= 03.01.01
Cross-site scripting (XSS) vulnerability in the IFrame module before 03.02.01 for DotNetNuke (DNN) allows remote attackers to inje
CVE-2006-4973
all versions
Cross-site scripting (XSS) vulnerability in Default.aspx in Perpetual Motion Interactive Systems DotNetNuke before 3.3.5, and 4.x
CVE-2006-3601
all versions
UNVERIFIABLE
Unspecified vulnerability in an unspecified DNN Modules module for DotNetNuke (.net nuke) allows remote attack
CVE-2005-0040
<= 3.0.11
Multiple cross-site scripting (XSS) vulnerabilities in DotNetNuke before 3.0.12 allow remote attackers to inject arbitrary web scr
CVE-2004-2325
all versions
Cross-site scripting (XSS) vulnerability in EditModule.aspx for DotNetNuke (formerly IBuySpy Workshop) 1.0.6 through 1.0.10d allow
CVE-2004-2324
all versions
SQL injection vulnerability in DotNetNuke (formerly IBuySpy Workshop) 1.0.6 through 1.0.10d allows remote attackers to modify the
CVE-2004-2323
all versions
DotNetNuke (formerly IBuySpy Workshop) 1.0.6 through 1.0.10d allows remote attackers to obtain sensitive information, including th
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin