Dotnetnuke » Dotnetnuke » 5.0 : Security Vulnerabilities, CVEs,

cpe:2.3:a:dotnetnuke:dotnetnuke:5.0:*:*:*:*:*:*:*

CVE-2016-7119

Cross-site scripting (XSS) vulnerability in the user-profile biography section in DotNetNuke (DNN) before 8.0.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted onclick attribute in an IMG element.
Max CVSS
5.4
EPSS Score
0.07%
Published
2016-08-31
Updated
2016-11-28

CVE-2015-2794

Public exploit
The installation wizard in DotNetNuke (DNN) before 7.4.1 allows remote attackers to reinstall the application and gain SuperUser access via a direct request to Install/InstallWizard.aspx.
Max CVSS
9.8
EPSS Score
97.43%
Published
2017-02-06
Updated
2017-03-02

CVE-2015-1566

Cross-site scripting (XSS) vulnerability in DotNetNuke (DNN) before 7.4.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Max CVSS
4.3
EPSS Score
0.11%
Published
2015-02-09
Updated
2015-02-09

CVE-2013-7335

Open redirect vulnerability in DotNetNuke (DNN) before 6.2.9 and 7.x before 7.1.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
Max CVSS
4.3
EPSS Score
0.15%
Published
2014-03-12
Updated
2014-03-13

CVE-2013-4649

Cross-site scripting (XSS) vulnerability in DotNetNuke (DNN) before 6.2.9 and 7.x before 7.1.1 allows remote attackers to inject arbitrary web script or HTML via the __dnnVariable parameter to the default URI.
Max CVSS
4.3
EPSS Score
0.25%
Published
2014-03-12
Updated
2017-08-29

CVE-2013-3943

Cross-site scripting (XSS) vulnerability in DotNetNuke (DNN) before 6.2.9 and 7.x before 7.1.1 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to the Display Name field in the Manage Profile.
Max CVSS
3.5
EPSS Score
0.09%
Published
2014-03-12
Updated
2014-03-13

CVE-2012-1036

Cross-site scripting (XSS) vulnerability in the telerik HTML editor in DotNetNuke before 5.6.4 and 6.x before 6.1.0 allows remote attackers to inject arbitrary web script or HTML via a message.
Max CVSS
4.3
EPSS Score
0.11%
Published
2012-04-11
Updated
2012-04-11

CVE-2009-4110

Cross-site scripting (XSS) vulnerability in the search functionality in DotNetNuke 4.8 through 5.1.4 allows remote attackers to inject arbitrary web script or HTML via search terms that are not properly filtered before display in a custom results page.
Max CVSS
4.3
EPSS Score
0.25%
Published
2009-11-29
Updated
2017-08-17

CVE-2009-4109

The install wizard in DotNetNuke 4.0 through 5.1.4 does not prevent anonymous users from accessing functionality related to determination of the need for an upgrade, which allows remote attackers to access version information and possibly other sensitive information.
Max CVSS
5.0
EPSS Score
0.20%
Published
2009-11-29
Updated
2009-11-30

CVE-2008-7101

Unspecified vulnerability in DotNetNuke 4.0 through 4.8.4 and 5.0 allows remote attackers to obtain sensitive information (portal number) by accessing the install wizard page via unknown vectors.
Max CVSS
5.0
EPSS Score
0.47%
Published
2009-08-27
Updated
2017-08-17
10 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close