Dnnsoftware Dotnetnuke — known CVE vulnerabilities
Every CVE whose affected-product data names Dnnsoftware Dotnetnuke, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (76)
CVE-2006-3601 — CVSS 10.0 (critical): ** UNVERIFIABLE ** Unspecified vulnerability in an unspecified DNN Modules module for DotNetNuke (.net nuke) allows remote attackers to…
CVE-2025-64095 — CVSS 10.0 (critical): DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to 10.1.1, the default…
CVE-2015-2794 — CVSS 9.8 (critical): The installation wizard in DotNetNuke (DNN) before 7.4.1 allows remote attackers to reinstall the application and gain SuperUser access via…
CVE-2026-24838 — CVSS 9.1 (critical): DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to versions 9.13.10 and…
CVE-2025-59545 — CVSS 9.0 (critical): DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.1.0, the…
CVE-2025-52488 — CVSS 8.6 (high): DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. In versions 6.0.0 to before…
CVE-2026-40321 — CVSS 8.0 (high): DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.2.2, a…
CVE-2026-24837 — CVSS 7.6 (high): DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Starting in version 9.0.0 and…
CVE-2026-24836 — CVSS 7.6 (high): DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Starting in version 9.0.0 and…
CVE-2026-24833 — CVSS 7.6 (high): DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to versions 9.13.10 and…
CVE-2025-52487 — CVSS 7.5 (high): DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. In versions 7.0.0 to before…
CVE-2004-2324 — CVSS 7.5 (high): SQL injection vulnerability in DotNetNuke (formerly IBuySpy Workshop) 1.0.6 through 1.0.10d allows remote attackers to modify the backend…
CVE-2017-0929 — CVSS 7.5 (high): DNN (aka DotNetNuke) before 9.2.0 suffers from a Server-Side Request Forgery (SSRF) vulnerability in the DnnImageHandler class. Attackers…
CVE-2018-18326 — CVSS 7.5 (high): DNN (aka DotNetNuke) 9.2 through 9.2.2 incorrectly converts encryption key source values, resulting in lower than expected entropy. NOTE…
CVE-2008-7102 — CVSS 7.5 (high): DotNetNuke 2.0 through 4.8.4 allows remote attackers to load .ascx files instead of skin files, and possibly access privileged…
CVE-2018-15812 — CVSS 7.5 (high): DNN (aka DotNetNuke) 9.2 through 9.2.1 incorrectly converts encryption key source values, resulting in lower than expected entropy.
CVE-2026-24784 — CVSS 6.8 (medium): DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Starting in version 9.0.0 and…
CVE-2008-6541 — CVSS 6.8 (medium): Unrestricted file upload vulnerability in the file manager module in DotNetNuke before 4.8.2 allows remote administrators to upload…
CVE-2021-40186 — CVSS 6.5 (medium): The AppCheck research team identified a Server-Side Request Forgery (SSRF) vulnerability within the DNN CMS platform, formerly known as…
CVE-2026-40306 — CVSS 6.5 (medium): DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. All new installations of DNN…
CVE-2008-7100 — CVSS 6.5 (medium): Unspecified vulnerability in DotNetNuke 4.4.1 through 4.8.4 allows remote authenticated users to bypass authentication and gain privileges…
CVE-2025-59821 — CVSS 6.5 (medium): DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.1.0…
CVE-2025-59535 — CVSS 6.5 (medium): DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.1.0…
CVE-2025-32373 — CVSS 6.5 (medium): DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. In limited configurations…
CVE-2025-32372 — CVSS 6.5 (medium): DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. A bypass has been identified…
CVE-2025-64094 — CVSS 6.4 (medium): DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to 10.1.1, sanitization…
CVE-2008-6399 — CVSS 6.4 (medium): Unspecified vulnerability in DotNetNuke 4.5.2 through 4.9 allows remote attackers to "add additional roles to their user account" via…
CVE-2020-37103 — CVSS 6.4 (medium): DotNetNuke 9.5 contains a persistent cross-site scripting vulnerability that allows normal users to upload malicious XML files with…
CVE-2025-59539 — CVSS 6.3 (medium): DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.1.0, when…
CVE-2025-52486 — CVSS 6.1 (medium): DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. In versions 6.0.0 to before…
CVE-2025-59548 — CVSS 6.1 (medium): DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.1.0…
CVE-2019-12562 — CVSS 6.1 (medium): Stored Cross-Site Scripting in DotNetNuke (DNN) Version before 9.4.0 allows remote attackers to store and embed the malicious script into…
CVE-2025-32374 — CVSS 5.9 (medium): DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Possible denial of service…
CVE-2016-7119 — CVSS 5.4 (medium): Cross-site scripting (XSS) vulnerability in the user-profile biography section in DotNetNuke (DNN) before 8.0.1 allows remote authenticated…
CVE-2021-31858 — CVSS 5.4 (medium): DotNetNuke (DNN) 9.9.1 CMS is vulnerable to a Stored Cross-Site Scripting vulnerability in the user profile biography section which allows…
CVE-2022-47053 — CVSS 5.4 (medium): An arbitrary file upload vulnerability in the Digital Assets Manager module of DNN Corp DotNetNuke v7.0.0 to v9.10.2 allows attackers to…
CVE-2025-48377 — CVSS 5.4 (medium): DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 9.13.9, a…
CVE-2025-48378 — CVSS 5.4 (medium): DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 9.13.9…
CVE-2025-52485 — CVSS 5.4 (medium): DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. In versions 6.0.0 to before…
CVE-2025-59547 — CVSS 5.3 (medium): DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.1.0, the…
CVE-2008-6540 — CVSS 5.1 (medium): DotNetNuke before 4.8.2, during installation or upgrade, does not warn the administrator when the default (1) ValidationKey and (2)…
CVE-2008-7101 — CVSS 5.0 (medium): Unspecified vulnerability in DotNetNuke 4.0 through 4.8.4 and 5.0 allows remote attackers to obtain sensitive information (portal number)…
CVE-2004-2323 — CVSS 5.0 (medium): DotNetNuke (formerly IBuySpy Workshop) 1.0.6 through 1.0.10d allows remote attackers to obtain sensitive information, including the SQL…
CVE-2009-4109 — CVSS 5.0 (medium): The install wizard in DotNetNuke 4.0 through 5.1.4 does not prevent anonymous users from accessing functionality related to determination…
CVE-2008-6542 — CVSS 4.6 (medium): Unspecified vulnerability in the Skin Manager in DotNetNuke before 4.8.2 allows remote authenticated administrators to perform "server-side…
CVE-2004-2325 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in EditModule.aspx for DotNetNuke (formerly IBuySpy Workshop) 1.0.6 through 1.0.10d allows remote…
CVE-2013-4649 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in DotNetNuke (DNN) before 6.2.9 and 7.x before 7.1.1 allows remote attackers to inject arbitrary…
CVE-2012-1036 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in the telerik HTML editor in DotNetNuke before 5.6.4 and 6.x before 6.1.0 allows remote attackers…
CVE-2012-1030 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in DotNetNuke 6.x through 6.0.2 allows user-assisted remote attackers to inject arbitrary web…
CVE-2010-4514 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in Install/InstallWizard.aspx in DotNetNuke 5.05.01 and 5.06.00 allows remote attackers to inject…
CVE-2006-4973 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in Default.aspx in Perpetual Motion Interactive Systems DotNetNuke before 3.3.5, and 4.x before…
CVE-2009-1366 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in Website\admin\Sales\paypalipn.aspx in DotNetNuke (DNN) before 4.9.3 allows remote attackers to…
CVE-2025-62802 — CVSS 4.3 (medium): DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to 10.1.1, the…
CVE-2008-6733 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in the error handling page in DotNetNuke 4.6.2 through 4.8.3 allows remote attackers to inject…
CVE-2008-6732 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in the Language skin object in DotNetNuke before 4.8.4 allows remote attackers to inject arbitrary…
CVE-2008-6644 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in Default.aspx in DotNetNuke 4.8.3 and earlier allows remote attackers to inject arbitrary web…
CVE-2009-4110 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in the search functionality in DotNetNuke 4.8 through 5.1.4 allows remote attackers to inject…
CVE-2025-32371 — CVSS 4.3 (medium): DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. A url could be crafted to the…
CVE-2020-11585 — CVSS 4.3 (medium): There is an information disclosure issue in DNN (formerly DotNetNuke) 9.5 within the built-in Activity-Feed/Messaging/Userid/ Message…
CVE-2015-1566 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in DotNetNuke (DNN) before 7.4.0 allows remote attackers to inject arbitrary web script or HTML…
CVE-2013-7335 — CVSS 4.3 (medium): Open redirect vulnerability in DotNetNuke (DNN) before 6.2.9 and 7.x before 7.1.1 allows remote attackers to redirect users to arbitrary…
CVE-2026-40305 — CVSS 4.3 (medium): DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Starting in version 6.0.0 and…
CVE-2005-0040 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in DotNetNuke before 3.0.12 allow remote attackers to inject arbitrary web script or…
CVE-2025-32036 — CVSS 4.2 (medium): DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. The algorithm used to…
CVE-2013-3943 — CVSS 3.5 (low): Cross-site scripting (XSS) vulnerability in DotNetNuke (DNN) before 6.2.9 and 7.x before 7.1.1 allows remote authenticated users to inject…
CVE-2025-48376 — CVSS 3.5 (low): DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 9.13.9, a…
CVE-2025-32035 — CVSS 2.6 (low): DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to 9.13.2, when…
CVE-2025-59546 — CVSS 2.4 (low): DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.1.0…