pkg:NuGet/DotNetNuke.Core

35 total CVEs: CRITICAL 3, HIGH 10, MEDIUM 15, LOW 1

All known vulnerabilities

  • HIGH 8.8 CVE-2017-9822 ⚠ KEV: DNN (aka DotNetNuke) has Remote Code Execution via a cookie
    from 0, < 9.1.1
  • HIGH 7.5 CVE-2018-15811 ⚠ KEV: Inadequate Encryption Strength in DotNetNuke
    >= 9.2.0, < 9.2.2
  • HIGH 7.5 CVE-2018-18325 ⚠ KEV: Inadequate Encryption Strength in DotNetNuke
    from 0, < 9.3.0
  • CRITICAL 9.8 CVE-2015-2794: The installation wizard in DotNetNuke (DNN) allows privilege escalation
    from 0, < 7.4.1
  • CRITICAL 9.1 CVE-2026-24838: DotNetNuke.Core Vulnerable to Stored XSS via Module Title
    from 0, < 9.13.10
  • CRITICAL 9.0 CVE-2025-59545: DNN Vulnerable to Stored Cross-Site Scripting (XSS) in the Prompt module
    from 0, < 10.1.0
  • HIGH 8.8 CVE-2020-5187: DNN Path Traversal via Zip Slip
    from 0, < 9.5.0
  • HIGH 8.0 CVE-2026-40321: DotNetNuke.Core has stored cross-site-scripting (XSS) via SVG upload
    from 0, < 10.2.2
  • HIGH 7.6 CVE-2026-24837: DotNetNuke.Core Vulnerable to Stored XSS in Module Deletion Confirmation Modal
    >= 9.0.0, <= 9.13.9
  • HIGH 7.6 CVE-2026-24836: DotNetNuke.Core Vulnerable to Stored XSS in Scheduler LogNotes
    >= 9.0.0, <= 9.13.9
  • HIGH 7.5 CVE-2018-15812: Insufficient Entropy in DotNetNuke
    >= 9.2.0, < 9.2.2
  • HIGH 7.5 CVE-2018-18326: Insufficient Entropy in DotNetNuke
    from 0, < 9.3.0
  • HIGH 7.5 CVE-2017-0929: High severity vulnerability that affects DotNetNuke.Core
    from 0, < 9.2.0
  • MEDIUM 6.9 CVE-2026-24784: DotNetNuke.Core has a potential XSS vulnerability in modules' header and footer
    >= 9.0.0, < 9.13.10
  • MEDIUM 6.5 CVE-2026-40306: DNN: Same HostGUID for all new installs
    >= 10.0.0, < 10.2.2
  • MEDIUM 6.5 CVE-2025-59821: DNN vulnerable to Reflected Cross-Site Scripting (XSS) using url to profile
    from 0, < 10.1.0
  • MEDIUM 6.5 CVE-2025-59535: DNN allows loading unused themes on anonymous clients through query parameters
    from 0, < 10.1.0
  • MEDIUM 6.5 CVE-2025-32372: DotNetNuke.Core Vulnerable to Server-Side Request Forgery (SSRF)
    from 0, < 9.13.8
  • MEDIUM 6.5 CVE-2020-5188: DNN File Upload Vulnerability
    from 0, <= 9.4.4
  • MEDIUM 6.4 CVE-2025-64094: DNN vulnerable to stored cross-site-scripting (XSS) via SVG upload
    from 0, < 10.1.1
  • MEDIUM 6.3 CVE-2025-59539: DNN affected by Stored Cross-Site Scripting (XSS) in Profile Biography field
    from 0, < 10.1.0
  • MEDIUM 6.1 CVE-2018-14486: DNN XSS Vulnerability
    from 0, <= 9.1.1
  • MEDIUM 6.1 CVE-2019-12562: Stored Cross-Site Scripting vulnerability in admin component of DotNetNuke
    from 0, < 9.4.0
  • MEDIUM 5.4 CVE-2020-5186: DNN XSS Vulnerability
    from 0, <= 9.4.4
  • MEDIUM 5.4 CVE-2016-7119: Cross-site scripting (XSS) vulnerability in the user-profile biography section in DotNetNuke (DNN)
    from 0, < 8.0.1
  • MEDIUM 4.9 CVE-2022-2922: DNN vulnerable to Relative Path Traversal
    from 0, < 9.11.0
  • MEDIUM 4.3 CVE-2026-40305: DNN: Force Friend Request Acceptance
    >= 6.0.0, < 10.2.2
  • MEDIUM 4.0 CVE-2013-7335: DotNetNuke (DNN) Open redirect vulnerability
    from 0, < 6.2.9
  • LOW 2.4 CVE-2025-59546: DNN Vulnerable to Stored XSS Using Backend Admin Credentials
    from 0, < 10.1.0
  • CVE-2025-48378: DNN allows Stored Cross-Site Scripting (XSS) with svg files rendered inline
    from 0, < 9.13.9
  • CVE-2025-48377: Reflected Cross-Site Scripting (XSS) in module actions in edit mode
    from 0, < 9.13.9
  • CVE-2013-4649: DotNetNuke (DNN) Cross-site scripting (XSS) vulnerability via the __dnnVariable parameter
    from 0, < 6.2.9
  • CVE-2008-6540: DotNetNuke Default Machine Key Exposure
    from 0, < 4.8.2
  • CVE-2007-0660: DotNetNuke Vulnerable to XSS in Pass-Through Values
    from 0, < 03.02.01
  • CVE-2015-1566: Moderate severity vulnerability that affects DotNetNuke.Core
    from 0, < 7.4.0