Show filters
16 Total Results
Displaying 11-16 of 16
Sort by:
Attacker Value
Unknown

CVE-2018-18325

Disclosure Date: July 03, 2019 (last updated November 27, 2024)
DNN (aka DotNetNuke) 9.2 through 9.2.2 uses a weak encryption algorithm to protect input parameters. NOTE: this issue exists because of an incomplete fix for CVE-2018-15811.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2018-15811

Disclosure Date: July 03, 2019 (last updated November 27, 2024)
DNN (aka DotNetNuke) 9.2 through 9.2.1 uses a weak encryption algorithm to protect input parameters.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2018-18326

Disclosure Date: July 03, 2019 (last updated November 27, 2024)
DNN (aka DotNetNuke) 9.2 through 9.2.2 incorrectly converts encryption key source values, resulting in lower than expected entropy. NOTE: this issue exists because of an incomplete fix for CVE-2018-15812.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2018-14486

Disclosure Date: March 21, 2019 (last updated November 27, 2024)
DNN (formerly DotNetNuke) 9.1.1 allows cross-site scripting (XSS) via XML.
0
0
Attacker Value
Unknown

CVE-2017-0929

Disclosure Date: July 03, 2018 (last updated November 27, 2024)
DNN (aka DotNetNuke) before 9.2.0 suffers from a Server-Side Request Forgery (SSRF) vulnerability in the DnnImageHandler class. Attackers may be able to access information about internal network resources.
0
0
Attacker Value
Unknown

CVE-2017-9822

Disclosure Date: July 20, 2017 (last updated July 25, 2024)
DNN (aka DotNetNuke) before 9.1.1 has Remote Code Execution via a cookie, aka "2017-08 (Critical) Possible remote code execution on DNN sites."
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0
View More Topics  < Previous