Dnnsoftware Dotnetnuke
10 CVEs affecting Dnnsoftware Dotnetnuke. Latest disclosed: 2026-02-03. Critical: 1, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2015-2794 | Critical | 9.8 | 2017-02-06 | The installation wizard in DotNetNuke (DNN) before 7.4.1 allows remote attackers to reinstall the application and gain SuperUser access via a direct request to… |
CVE-2020-37103 | Medium | 6.4 | 2026-02-03 | DotNetNuke 9.5 contains a persistent cross-site scripting vulnerability that allows normal users to upload malicious XML files with executable scripts through… |
CVE-2016-7119 | Medium | 5.4 | 2016-08-31 | Cross-site scripting (XSS) vulnerability in the user-profile biography section in DotNetNuke (DNN) before 8.0.1 allows remote authenticated users to inject arb… |
CVE-2015-1566 | | 2015-02-09 | Cross-site scripting (XSS) vulnerability in DotNetNuke (DNN) before 7.4.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vector… | |
CVE-2013-7335 | | 2014-03-12 | Open redirect vulnerability in DotNetNuke (DNN) before 6.2.9 and 7.x before 7.1.1 allows remote attackers to redirect users to arbitrary web sites and conduct… | |
CVE-2013-4649 | | 2014-03-12 | Cross-site scripting (XSS) vulnerability in DotNetNuke (DNN) before 6.2.9 and 7.x before 7.1.1 allows remote attackers to inject arbitrary web script or HTML v… | |
CVE-2013-3943 | | 2014-03-12 | Cross-site scripting (XSS) vulnerability in DotNetNuke (DNN) before 6.2.9 and 7.x before 7.1.1 allows remote authenticated users to inject arbitrary web script… | |
CVE-2012-1036 | | 2012-04-11 | Cross-site scripting (XSS) vulnerability in the telerik HTML editor in DotNetNuke before 5.6.4 and 6.x before 6.1.0 allows remote attackers to inject arbitrary… | |
CVE-2012-1030 | | 2012-04-11 | Cross-site scripting (XSS) vulnerability in DotNetNuke 6.x through 6.0.2 allows user-assisted remote attackers to inject arbitrary web script or HTML via a cra… | |
CVE-2010-4514 | | 2010-12-09 | Cross-site scripting (XSS) vulnerability in Install/InstallWizard.aspx in DotNetNuke 5.05.01 and 5.06.00 allows remote attackers to inject arbitrary web script… |