cvebase

Dnnsoftware Dotnetnuke vulnerabilities

75 known vulnerabilities affecting dnnsoftware/dotnetnuke.

Total CVEs: 75
CISA KEV: 3 (actively exploited)
Public exploits: 14
Exploited in wild: 6
Severity breakdown: CRITICAL 3, HIGH 16, MEDIUM 54, LOW 2

Vulnerabilities

Page 4 of 4
CVE-2025-32371 | P4 | MEDIUM | CVSS 4.3 | fixed in 9.13.4 | 2025-04-09
[CWE-451] DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. A url could be crafted to the DNN ImageHandler to render text from a querystring parameter. This text would display in the resulting image and a user that trusts the domain might think that the information is legitimate. This vulnerability i
Source: nvd
CVE-2008-7101 | P4 | MEDIUM | CVSS 5.0 | v4.0, v4.3.5, +14 more | 2009-08-27
Unspecified vulnerability in DotNetNuke 4.0 through 4.8.4 and 5.0 allows remote attackers to obtain sensitive information (portal number) by accessing the install wizard page via unknown vectors.
Source: nvd
CVE-2013-4649 | P4 | MEDIUM | CVSS 4.3 | ≤ 6.2.8, v1.0.6, +63 more | 2014-03-12
[CWE-79] Cross-site scripting (XSS) vulnerability in DotNetNuke (DNN) before 6.2.9 and 7.x before 7.1.1 allows remote attackers to inject arbitrary web script or HTML via the __dnnVariable parameter to the default URI.
Source: nvd
CVE-2015-1566 | P4 | MEDIUM | CVSS 4.3 | ≤ 07.03.04 | 2015-02-09
[CWE-79] Cross-site scripting (XSS) vulnerability in DotNetNuke (DNN) before 7.4.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Source: nvd
CVE-2009-4110 | P4 | MEDIUM | CVSS 4.3 | v4.8.0, v4.8.1, +12 more | 2009-11-29
[CWE-79] Cross-site scripting (XSS) vulnerability in the search functionality in DotNetNuke 4.8 through 5.1.4 allows remote attackers to inject arbitrary web script or HTML via search terms that are not properly filtered before display in a custom results page.
Source: nvd
CVE-2005-0040 | P4 | MEDIUM | CVSS 4.3 | ≤ 3.0.11 | 2005-05-19
Multiple cross-site scripting (XSS) vulnerabilities in DotNetNuke before 3.0.12 allow remote attackers to inject arbitrary web script or HTML via the (1) register a new user page, (2) User-Agent, or (3) Username, which is not properly quoted before sending to the error log.
Source: nvd
CVE-2004-2325 | P4 | MEDIUM | CVSS 4.3 | v1.0.6, v1.0.7, +3 more | 2004-12-31
Cross-site scripting (XSS) vulnerability in EditModule.aspx for DotNetNuke (formerly IBuySpy Workshop) 1.0.6 through 1.0.10d allows remote attackers to inject arbitrary web script or HTML.
Source: nvd
CVE-2008-6732 | P4 | MEDIUM | CVSS 4.3 | ≤ 4.8.3, v1.0.6, +24 more | 2009-04-21
[CWE-79] Cross-site scripting (XSS) vulnerability in the Language skin object in DotNetNuke before 4.8.4 allows remote attackers to inject arbitrary web script or HTML via "newly generated paths."
Source: nvd
CVE-2009-1366 | P4 | MEDIUM | CVSS 4.3 | ≤ 4.9.2, v1.0.6, +28 more | 2009-04-22
[CWE-79] Cross-site scripting (XSS) vulnerability in Website\admin\Sales\paypalipn.aspx in DotNetNuke (DNN) before 4.9.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "name/value pairs" and "paypal IPN functionality."
Source: nvd
CVE-2012-1036 | P4 | MEDIUM | CVSS 4.3 | ≤ 5.6.3, v4.9.1, +8 more | 2012-04-11
[CWE-79] Cross-site scripting (XSS) vulnerability in the telerik HTML editor in DotNetNuke before 5.6.4 and 6.x before 6.1.0 allows remote attackers to inject arbitrary web script or HTML via a message.
Source: nvd
CVE-2012-1030 | P4 | MEDIUM | CVSS 4.3 | v6.0.0, v6.0.1, +1 more | 2012-04-11
[CWE-79] Cross-site scripting (XSS) vulnerability in DotNetNuke 6.x through 6.0.2 allows user-assisted remote attackers to inject arbitrary web script or HTML via a crafted URL containing text that is used within a modal popup.
Source: nvd
CVE-2008-6733 | P4 | MEDIUM | CVSS 4.3 | v4.6.2, v4.8.1, +2 more | 2009-04-21
[CWE-79] Cross-site scripting (XSS) vulnerability in the error handling page in DotNetNuke 4.6.2 through 4.8.3 allows remote attackers to inject arbitrary web script or HTML via the querystring parameter.
Source: nvd
CVE-2013-7335 | P4 | MEDIUM | CVSS 4.3 | ≤ 6.2.8, v1.0.6, +63 more | 2014-03-12
[CWE-20] Open redirect vulnerability in DotNetNuke (DNN) before 6.2.9 and 7.x before 7.1.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
Source: nvd
CVE-2013-3943 | P4 | LOW | CVSS 3.5 | ≤ 6.2.8, v1.0.6, +63 more | 2014-03-12
[CWE-79] Cross-site scripting (XSS) vulnerability in DotNetNuke (DNN) before 6.2.9 and 7.x before 7.1.1 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to the Display Name field in the Manage Profile.
Source: nvd
CVE-2025-48376 | P4 | LOW | CVSS 2.4 | fixed in 9.13.9 | 2025-05-23
[CWE-841] DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 9.13.9, a malicious SuperUser (Host) could craft a request to use an external url for a site export to then be imported. Version 9.13.9 fixes the issue.
Source: nvd