VIR Vulnerability Intelligence Relay

Package impact

nuget NuGet / DotNetNuke.Core

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2015-2794 critical 9.8 9.8 9y ago The installation wizard in DotNetNuke (DNN) allows privilege escalation nuget
CVE-2016-7119 medium 5.4 5.4 10y ago Cross-site scripting (XSS) vulnerability in the user-profile biography section in DotNetNuke (DNN) nuget
CVE-2015-1566 medium 4.3 12y ago Moderate severity vulnerability that affects DotNetNuke.Core nuget
CVE-2013-7335 medium 4.3 12y ago DotNetNuke (DNN) Open redirect vulnerability nuget
CVE-2013-4649 medium 4.3 12y ago DotNetNuke (DNN) Cross-site scripting (XSS) vulnerability via the __dnnVariable parameter nuget
CVE-2018-15811 unknown 1.5 7y ago DotNetNuke (DNN) contains an inadequate encryption strength vulnerability resulting from the use of a weak encryption algorithm to protect input parameters. nuget
CVE-2018-18325 unknown 1.5 7y ago DotNetNuke (DNN) contains an inadequate encryption strength vulnerability resulting from the use of a weak encryption algorithm to protect input parameters. This CVE ID resolves an incomplete patch f… nuget
CVE-2017-9822 unknown 1.5 8y ago DotNetNuke (DNN) contains a vulnerability that may allow for remote code execution via cookie deserialization. nuget
CVE-2026-40306 unknown 2mo ago DNN: Same HostGUID for all new installs nuget
CVE-2026-40305 unknown 2mo ago DNN: Force Friend Request Acceptance nuget
CVE-2026-40321 unknown 2mo ago DotNetNuke.Core has stored cross-site-scripting (XSS) via SVG upload nuget
CVE-2026-24838 unknown 4mo ago DotNetNuke.Core Vulnerable to Stored XSS via Module Title nuget
CVE-2026-24837 unknown 4mo ago DotNetNuke.Core Vulnerable to Stored XSS in Module Deletion Confirmation Modal nuget
CVE-2026-24836 unknown 4mo ago DotNetNuke.Core Vulnerable to Stored XSS in Scheduler LogNotes nuget
CVE-2026-24784 unknown 4mo ago DotNetNuke.Core has a potential XSS vulnerability in modules' header and footer nuget
CVE-2025-64094 unknown 7mo ago DNN vulnerable to stored cross-site-scripting (XSS) via SVG upload nuget
CVE-2025-59821 unknown 8mo ago DNN vulnerable to Reflected Cross-Site Scripting (XSS) using url to profile nuget
CVE-2025-59546 unknown 8mo ago DNN Vulnerable to Stored XSS Using Backend Admin Credentials nuget
CVE-2025-59545 unknown 8mo ago DNN Vulnerable to Stored Cross-Site Scripting (XSS) in the Prompt module nuget
CVE-2025-59539 unknown 8mo ago DNN affected by Stored Cross-Site Scripting (XSS) in Profile Biography field nuget
CVE-2025-59535 unknown 8mo ago DNN allows loading unused themes on anonymous clients through query parameters nuget
CVE-2025-48378 unknown 1y ago DNN allows Stored Cross-Site Scripting (XSS) with svg files rendered inline nuget
CVE-2025-48377 unknown 1y ago Reflected Cross-Site Scripting (XSS) in module actions in edit mode nuget
CVE-2025-32372 unknown 1y ago DotNetNuke.Core Vulnerable to Server-Side Request Forgery (SSRF) nuget
CVE-2022-2922 unknown 4y ago DNN vulnerable to Relative Path Traversal nuget
CVE-2020-5188 unknown 4y ago DNN File Upload Vulnerability nuget
CVE-2020-5187 unknown 4y ago DNN Path Traversal via Zip Slip nuget
CVE-2020-5186 unknown 4y ago DNN XSS Vulnerability nuget
CVE-2008-6540 unknown 4y ago DotNetNuke Default Machine Key Exposure nuget
CVE-2018-14486 unknown 4y ago DNN XSS Vulnerability nuget
CVE-2007-0660 unknown 4y ago DotNetNuke Vulnerable to XSS in Pass-Through Values nuget
CVE-2019-12562 unknown 7y ago Stored Cross-Site Scripting vulnerability in admin component of DotNetNuke nuget
CVE-2018-15812 unknown 7y ago Insufficient Entropy in DotNetNuke nuget
CVE-2018-18326 unknown 7y ago Insufficient Entropy in DotNetNuke nuget
CVE-2017-0929 unknown 8y ago High severity vulnerability that affects DotNetNuke.Core nuget