Package impact

NuGet / DotNetNuke.Core

critical high medium low unknown

0

KEV Has exploit

CVE	Severity	CVSS	Risk	Flags	OS	Vendor	Published	Description
CVE-2015-2794	critical	9.8	10.0				10y ago	The installation wizard in DotNetNuke (DNN) allows privilege escalation
CVE-2016-7119	medium	5.4	5.4				10y ago	Cross-site scripting (XSS) vulnerability in the user-profile biography section in DotNetNuke (DNN)
CVE-2015-1566	medium	—	4.3				12y ago	Moderate severity vulnerability that affects DotNetNuke.Core
CVE-2013-7335	medium	—	4.3				12y ago	DotNetNuke (DNN) Open redirect vulnerability
CVE-2013-4649	medium	—	4.3				12y ago	DotNetNuke (DNN) Cross-site scripting (XSS) vulnerability via the __dnnVariable parameter
CVE-2018-15811	unknown	—	2.5				7y ago	DotNetNuke (DNN) contains an inadequate encryption strength vulnerability resulting from the use of a weak encryption algorithm to protect input parameters.
CVE-2018-18325	unknown	—	2.5				7y ago	DotNetNuke (DNN) contains an inadequate encryption strength vulnerability resulting from the use of a weak encryption algorithm to protect input parameters. This CVE ID resolves an incomplete patch f…
CVE-2017-9822	unknown	—	2.5				8y ago	DotNetNuke (DNN) contains a vulnerability that may allow for remote code execution via cookie deserialization.
CVE-2008-6540	unknown	—	1.0				4y ago	DotNetNuke Default Machine Key Exposure
CVE-2019-12562	unknown	—	1.0				7y ago	Stored Cross-Site Scripting vulnerability in admin component of DotNetNuke
CVE-2018-15812	unknown	—	1.0				7y ago	Insufficient Entropy in DotNetNuke
CVE-2018-18326	unknown	—	1.0				7y ago	Insufficient Entropy in DotNetNuke
CVE-2026-40306	unknown	—	—				2mo ago	DNN: Same HostGUID for all new installs
CVE-2026-40305	unknown	—	—				2mo ago	DNN: Force Friend Request Acceptance
CVE-2026-40321	unknown	—	—				2mo ago	DotNetNuke.Core has stored cross-site-scripting (XSS) via SVG upload
CVE-2026-24838	unknown	—	—				4mo ago	DotNetNuke.Core Vulnerable to Stored XSS via Module Title
CVE-2026-24837	unknown	—	—				4mo ago	DotNetNuke.Core Vulnerable to Stored XSS in Module Deletion Confirmation Modal
CVE-2026-24836	unknown	—	—				4mo ago	DotNetNuke.Core Vulnerable to Stored XSS in Scheduler LogNotes
CVE-2026-24784	unknown	—	—				4mo ago	DotNetNuke.Core has a potential XSS vulnerability in modules' header and footer
CVE-2025-64094	unknown	—	—				7mo ago	DNN vulnerable to stored cross-site-scripting (XSS) via SVG upload
CVE-2025-59821	unknown	—	—				8mo ago	DNN vulnerable to Reflected Cross-Site Scripting (XSS) using url to profile
CVE-2025-59546	unknown	—	—				8mo ago	DNN Vulnerable to Stored XSS Using Backend Admin Credentials
CVE-2025-59545	unknown	—	—				8mo ago	DNN Vulnerable to Stored Cross-Site Scripting (XSS) in the Prompt module
CVE-2025-59539	unknown	—	—				8mo ago	DNN affected by Stored Cross-Site Scripting (XSS) in Profile Biography field
CVE-2025-59535	unknown	—	—				8mo ago	DNN allows loading unused themes on anonymous clients through query parameters
CVE-2025-48378	unknown	—	—				1y ago	DNN allows Stored Cross-Site Scripting (XSS) with svg files rendered inline
CVE-2025-48377	unknown	—	—				1y ago	Reflected Cross-Site Scripting (XSS) in module actions in edit mode
CVE-2025-32372	unknown	—	—				1y ago	DotNetNuke.Core Vulnerable to Server-Side Request Forgery (SSRF)
CVE-2022-2922	unknown	—	—				4y ago	DNN vulnerable to Relative Path Traversal
CVE-2020-5188	unknown	—	—				4y ago	DNN File Upload Vulnerability
CVE-2020-5187	unknown	—	—				4y ago	DNN Path Traversal via Zip Slip
CVE-2020-5186	unknown	—	—				4y ago	DNN XSS Vulnerability
CVE-2018-14486	unknown	—	—				4y ago	DNN XSS Vulnerability
CVE-2007-0660	unknown	—	—				4y ago	DotNetNuke Vulnerable to XSS in Pass-Through Values
CVE-2017-0929	unknown	—	—				8y ago	High severity vulnerability that affects DotNetNuke.Core