Show filters
29 Total Results
Displaying 1-10 of 29
Sort by:
Attacker Value
Unknown

CVE-2015-2794

Disclosure Date: February 06, 2017 (last updated November 26, 2024)
The installation wizard in DotNetNuke (DNN) before 7.4.1 allows remote attackers to reinstall the application and gain SuperUser access via a direct request to Install/InstallWizard.aspx.
0
0
Attacker Value
Unknown

CVE-2016-7119

Disclosure Date: August 31, 2016 (last updated November 25, 2024)
Cross-site scripting (XSS) vulnerability in the user-profile biography section in DotNetNuke (DNN) before 8.0.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted onclick attribute in an IMG element.
0
0
Attacker Value
Unknown

CVE-2015-1566

Disclosure Date: February 09, 2015 (last updated October 05, 2023)
Cross-site scripting (XSS) vulnerability in DotNetNuke (DNN) before 7.4.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
0
0
Attacker Value
Unknown

CVE-2013-7335

Disclosure Date: March 12, 2014 (last updated October 05, 2023)
Open redirect vulnerability in DotNetNuke (DNN) before 6.2.9 and 7.x before 7.1.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
0
0
Attacker Value
Unknown

CVE-2013-4649

Disclosure Date: March 12, 2014 (last updated October 05, 2023)
Cross-site scripting (XSS) vulnerability in DotNetNuke (DNN) before 6.2.9 and 7.x before 7.1.1 allows remote attackers to inject arbitrary web script or HTML via the __dnnVariable parameter to the default URI.
0
0
Attacker Value
Unknown

CVE-2013-3943

Disclosure Date: March 12, 2014 (last updated October 05, 2023)
Cross-site scripting (XSS) vulnerability in DotNetNuke (DNN) before 6.2.9 and 7.x before 7.1.1 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to the Display Name field in the Manage Profile.
0
0
Attacker Value
Unknown

CVE-2012-1030

Disclosure Date: April 11, 2012 (last updated October 04, 2023)
Cross-site scripting (XSS) vulnerability in DotNetNuke 6.x through 6.0.2 allows user-assisted remote attackers to inject arbitrary web script or HTML via a crafted URL containing text that is used within a modal popup.
0
0
Attacker Value
Unknown

CVE-2012-1036

Disclosure Date: April 11, 2012 (last updated October 04, 2023)
Cross-site scripting (XSS) vulnerability in the telerik HTML editor in DotNetNuke before 5.6.4 and 6.x before 6.1.0 allows remote attackers to inject arbitrary web script or HTML via a message.
0
0
Attacker Value
Unknown

CVE-2010-4514

Disclosure Date: December 09, 2010 (last updated October 04, 2023)
Cross-site scripting (XSS) vulnerability in Install/InstallWizard.aspx in DotNetNuke 5.05.01 and 5.06.00 allows remote attackers to inject arbitrary web script or HTML via the __VIEWSTATE parameter. NOTE: some of these details are obtained from third party information.
0
0
Attacker Value
Unknown

CVE-2009-4110

Disclosure Date: November 29, 2009 (last updated October 04, 2023)
Cross-site scripting (XSS) vulnerability in the search functionality in DotNetNuke 4.8 through 5.1.4 allows remote attackers to inject arbitrary web script or HTML via search terms that are not properly filtered before display in a custom results page.
0
0
View More Topics  Next >