Vulnerable Library - DotNetNuke-9.11.0.46.dll
DotNetNuke
Library home page: https://api.nuget.org/packages/dotnetnuke.core.9.11.0.nupkg
Path to vulnerable library: /References/DNN/09.11.00/DotNetNuke.dll
Found in HEAD commit: 6b1a9cd2a202e971cd6ab62cf229535c79441a44
Vulnerabilities
| Vulnerability | Severity | CVSS | Dependency | Type | Fixed in (DotNetNuke version) | Remediation Possible** |
| --- | --- | --- | --- | --- | --- | --- |
| CVE-2026-24838 | Critical | 9.1 | DotNetNuke-9.11.0.46.dll | Direct | dotnetnuke.core - 10.2.0 | ❌ |
| CVE-2025-52488 | High | 8.6 | DotNetNuke-9.11.0.46.dll | Direct | N/A | ❌ |
| CVE-2025-52487 | High | 8.6 | DotNetNuke-9.11.0.46.dll | Direct | N/A | ❌ |
| CVE-2026-24837 | High | 7.6 | DotNetNuke-9.11.0.46.dll | Direct | DotNetNuke.Core - 10.2.0 | ❌ |
| CVE-2026-24836 | High | 7.6 | DotNetNuke-9.11.0.46.dll | Direct | DotNetNuke.Core - 9.13.10,DotNetNuke.Core - 9.13.10,DotNetNuke.Core - 10.2.1,DotNetNuke.Core - 10.2.1 | ❌ |
| CVE-2026-24833 | High | 7.6 | DotNetNuke-9.11.0.46.dll | Direct | DotNetNuke.Core - 9.13.10,DotNetNuke.Core - 9.13.10,DotNetNuke.Core - 10.2.0,DotNetNuke.Core - 10.2.0 | ❌ |
| CVE-2025-32373 | Medium | 6.5 | DotNetNuke-9.11.0.46.dll | Direct | DotNetNuke.Core - 9.13.8,DotNetNuke.Core - 9.13.8 | ❌ |
| CVE-2025-32372 | Medium | 6.5 | DotNetNuke-9.11.0.46.dll | Direct | https://github.com/dnnsoftware/Dnn.Platform.git - 9.13.8,DotNetNuke.Core - 9.13.8,DotNetNuke.Core - 9.13.8 | ❌ |
| CVE-2025-52486 | Medium | 6.1 | DotNetNuke-9.11.0.46.dll | Direct | N/A | ❌ |
| CVE-2025-32374 | Medium | 5.9 | DotNetNuke-9.11.0.46.dll | Direct | DotNetNuke.Core - 9.13.8,DotNetNuke.Core - 9.13.8 | ❌ |
| CVE-2025-52485 | Medium | 5.4 | DotNetNuke-9.11.0.46.dll | Direct | N/A | ❌ |
| CVE-2025-32371 | Medium | 4.3 | DotNetNuke-9.11.0.46.dll | Direct | DotNetNuke.Core - 9.13.4,DotNetNuke.Core - 9.13.4 | ❌ |
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Details
CVE-2026-24838
Dependency Hierarchy:
- ❌ DotNetNuke-9.11.0.46.dll (Vulnerable Library)
Found in base branch: main
Vulnerability Details
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to versions 9.13.10 and 10.2.0, module title supports richtext which could include scripts that would execute in certain scenarios. Versions 9.13.10 and 10.2.0 contain a fix for the issue.
Publish Date: 2026-01-27
URL: CVE-2026-24838
CVSS 3 Score Details (9.1)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: High
- User Interaction: None
- Scope: Changed
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: GHSA-w9pf-h6m6-v89h
Release Date: 2026-01-27
Fix Resolution: dotnetnuke.core - 10.2.0
CVE-2025-52488
Vulnerability Details
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. In versions 6.0.0 to before 10.0.1, DNN.PLATFORM allows a specially crafted series of malicious interactions to potentially expose NTLM hashes to a third-party SMB server. This issue has been patched in version 10.0.1.
Publish Date: 2025-06-21
URL: CVE-2025-52488
CVSS 3 Score Details (8.6)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Changed
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: None
- Availability Impact: None
CVE-2025-52487
Vulnerability Details
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. In versions 7.0.0 to before 10.0.1, DNN.PLATFORM allows a specially crafted request or proxy to be created that could bypass the design of DNN Login IP Filters allowing login attempts from IP Addresses not in the allow list. This issue has been patched in version 10.0.1.
Publish Date: 2025-06-21
URL: CVE-2025-52487
CVSS 3 Score Details (8.6)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: Low
- Availability Impact: Low
CVE-2026-24837
Vulnerability Details
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Starting in version 9.0.0 and prior to versions 9.13.10 and 10.2.0, a module friendly name could include scripts that will run during some module operations in the Persona Bar. Versions 9.13.10 and 10.2.0 contain a fix for the issue.
Publish Date: 2026-01-27
URL: CVE-2026-24837
CVSS 3 Score Details (7.6)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: High
- User Interaction: Required
- Scope: Changed
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: GHSA-vm5q-8qww-h238
Release Date: 2026-01-27
Fix Resolution: DotNetNuke.Core - 10.2.0
CVE-2026-24836
Vulnerability Details
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Starting in version 9.0.0 and prior to versions 9.13.10 and 10.2.0, extensions could write richtext in log notes which can include scripts that would run in the PersonaBar when displayed. Versions 9.13.10 and 10.2.0 contain a fix for the issue.
Publish Date: 2026-01-27
URL: CVE-2026-24836
CVSS 3 Score Details (7.6)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: High
- User Interaction: Required
- Scope: Changed
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: GHSA-2g5g-hcgh-q3rp
Release Date: 2026-01-27
Fix Resolution: DotNetNuke.Core - 9.13.10,DotNetNuke.Core - 9.13.10,DotNetNuke.Core - 10.2.1,DotNetNuke.Core - 10.2.1
CVE-2026-24833
Vulnerability Details
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to versions 9.13.10 and 10.2.0, a module could install with richtext in its description field which could contain scripts that will run for a user in the Persona Bar. Versions 9.13.10 and 10.2.0 contain a fix for the issue.
Publish Date: 2026-01-27
URL: CVE-2026-24833
CVSS 3 Score Details (7.6)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: High
- User Interaction: Required
- Scope: Changed
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: GHSA-9r3h-mpf8-25gj
Release Date: 2026-01-27
Fix Resolution: DotNetNuke.Core - 9.13.10,DotNetNuke.Core - 9.13.10,DotNetNuke.Core - 10.2.0,DotNetNuke.Core - 10.2.0
CVE-2025-32373
Vulnerability Details
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. In limited configurations, registered users may be able to craft a request to enumerate/access some portal files they should not have access to. This vulnerability is fixed in 9.13.8.
Publish Date: 2025-04-09
URL: CVE-2025-32373
CVSS 3 Score Details (6.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: None
- Availability Impact: None
Suggested Fix
Type: Upgrade version
Origin: GHSA-vxcm-4rwh-chpc
Release Date: 2025-04-09
Fix Resolution: DotNetNuke.Core - 9.13.8,DotNetNuke.Core - 9.13.8
CVE-2025-32372
Vulnerability Details
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. A bypass has been identified for the previously known vulnerability CVE-2017-0929, allowing unauthenticated attackers to execute arbitrary GET requests against target systems, including internal or adjacent networks. This vulnerability facilitates a semi-blind SSRF attack, allowing attackers to make the target server send requests to internal or external URLs without viewing the full responses. Potential impacts include internal network reconnaissance and bypassing firewalls. This vulnerability is fixed in 9.13.8.
Publish Date: 2025-04-09
URL: CVE-2025-32372
CVSS 3 Score Details (6.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: High
- Availability Impact: None
Suggested Fix
Type: Upgrade version
Release Date: 2025-04-09
Fix Resolution: https://github.com/dnnsoftware/Dnn.Platform.git - 9.13.8,DotNetNuke.Core - 9.13.8,DotNetNuke.Core - 9.13.8
CVE-2025-52486
Vulnerability Details
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. In versions 6.0.0 to before 10.0.1, DNN.PLATFORM allows specially crafted content in URLs to be used with TokenReplace and not be properly sanitized by some SkinObjects. This issue has been patched in version 10.0.1.
Publish Date: 2025-06-21
URL: CVE-2025-52486
CVSS 3 Score Details (6.1)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Changed
- Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: None
CVE-2025-32374
Vulnerability Details
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Possible denial of service with specially crafted information in the public registration form. This vulnerability is fixed in 9.13.8.
Publish Date: 2025-04-09
URL: CVE-2025-32374
CVSS 3 Score Details (5.9)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: GHSA-vc6j-mcqj-rgfp
Release Date: 2025-04-09
Fix Resolution: DotNetNuke.Core - 9.13.8,DotNetNuke.Core - 9.13.8
CVE-2025-52485
Vulnerability Details
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. In versions 6.0.0 to before 10.0.1, DNN.PLATFORM allows a specially crafted request to inject scripts in the Activity Feed Attachments endpoint which will then render in the feed. This issue has been patched in version 10.0.1.
Publish Date: 2025-06-21
URL: CVE-2025-52485
CVSS 3 Score Details (5.4)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: Required
- Scope: Changed
- Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: None
CVE-2025-32371
Vulnerability Details
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. A URL could be crafted to the DNN ImageHandler to render text from a querystring parameter. This text would display in the resulting image and a user that trusts the domain might think that the information is legitimate. This vulnerability is fixed in 9.13.4.
Publish Date: 2025-04-09
URL: CVE-2025-32371
CVSS 3 Score Details (4.3)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: Low
- Availability Impact: None
Suggested Fix
Type: Upgrade version
Origin: GHSA-2rrc-g594-rhqw
Release Date: 2025-04-09
Fix Resolution: DotNetNuke.Core - 9.13.4,DotNetNuke.Core - 9.13.4