Launch Week Day 1: Announcing Security Design Review
Start for Free
nuget

DotNetNuke.Core

View on nuget registry
36 Total advisories
36 Vulnerabilities
0 Malware

Vulnerabilities

HIGH 8.0
NuGet

CVE-2026-40321

DotNetNuke.Core has stored cross-site-scripting (XSS) via SVG upload
MEDIUM 4.3
NuGet

CVE-2026-40305

DNN: Force Friend Request Acceptance
MEDIUM 6.5
NuGet

CVE-2026-40306

DNN: Same HostGUID for all new installs
UNKNOWN
NuGet

GHSA-fcpv-w245-r2q7

DotNetNuke.Core security code analysis rules triggered
MEDIUM 6.9
NuGet

CVE-2026-24784

DotNetNuke.Core has a potential XSS vulnerability in modules' header and footer
HIGH 7.6
NuGet

CVE-2026-24836

DotNetNuke.Core Vulnerable to Stored XSS in Scheduler LogNotes
HIGH 7.6
NuGet

CVE-2026-24837

DotNetNuke.Core Vulnerable to Stored XSS in Module Deletion Confirmation Modal
CRITICAL 9.1
NuGet

CVE-2026-24838

DotNetNuke.Core Vulnerable to Stored XSS via Module Title
MEDIUM 6.4
NuGet

CVE-2025-64094

DNN vulnerable to stored cross-site-scripting (XSS) via SVG upload
HIGH 7.5
NuGet KEV

CVE-2018-15811

Inadequate Encryption Strength in DotNetNuke
HIGH 7.5
NuGet KEV

CVE-2018-18325

Inadequate Encryption Strength in DotNetNuke
LOW 2.4
NuGet

CVE-2025-59546

DNN Vulnerable to Stored XSS Using Backend Admin Credentials
MEDIUM 6.5
NuGet

CVE-2025-59821

DNN vulnerable to Reflected Cross-Site Scripting (XSS) using url to profile
MEDIUM 6.3
NuGet

CVE-2025-59539

DNN affected by Stored Cross-Site Scripting (XSS) in Profile Biography field
CRITICAL 9.0
NuGet

CVE-2025-59545

DNN Vulnerable to Stored Cross-Site Scripting (XSS) in the Prompt module
MEDIUM 6.5
NuGet

CVE-2025-59535

DNN allows loading unused themes on anonymous clients through query parameters
UNKNOWN
NuGet

CVE-2025-48378

DNN allows Stored Cross-Site Scripting (XSS) with svg files rendered inline
UNKNOWN
NuGet

CVE-2025-48377

Reflected Cross-Site Scripting (XSS) in module actions in edit mode
MEDIUM 6.5
NuGet

CVE-2025-32372

DotNetNuke.Core Vulnerable to Server-Side Request Forgery (SSRF)
UNKNOWN
NuGet

CVE-2013-4649

DotNetNuke (DNN) Cross-site scripting (XSS) vulnerability via the __dnnVariable parameter
CRITICAL 9.8
NuGet

CVE-2015-2794

The installation wizard in DotNetNuke (DNN) allows privilege escalation
UNKNOWN
NuGet

CVE-2015-1566

Moderate severity vulnerability that affects DotNetNuke.Core
MEDIUM 6.1
NuGet

CVE-2019-12562

Stored Cross-Site Scripting vulnerability in admin component of DotNetNuke
MEDIUM 5.4
NuGet

CVE-2020-5186

DNN XSS Vulnerability
HIGH 8.8
NuGet

CVE-2020-5187

DNN Path Traversal via Zip Slip
MEDIUM 6.1
NuGet

CVE-2018-14486

DNN XSS Vulnerability
MEDIUM 4.0
NuGet

CVE-2013-7335

DotNetNuke (DNN) Open redirect vulnerability

MEDIUM 6.5
NuGet

CVE-2020-5188

DNN File Upload Vulnerability
MEDIUM 4.9
NuGet

CVE-2022-2922

DNN vulnerable to Relative Path Traversal
HIGH 7.5
NuGet

CVE-2018-18326

Insufficient Entropy in DotNetNuke
HIGH 7.5
NuGet

CVE-2018-15812

Insufficient Entropy in DotNetNuke
HIGH 8.8
NuGet KEV

CVE-2017-9822

DNN (aka DotNetNuke) has Remote Code Execution via a cookie
HIGH 7.5
NuGet

CVE-2017-0929

High severity vulnerability that affects DotNetNuke.Core
MEDIUM 5.4
NuGet

CVE-2016-7119

Cross-site scripting (XSS) vulnerability in the user-profile biography section in DotNetNuke (DNN)
UNKNOWN
NuGet

CVE-2008-6540

DotNetNuke Default Machine Key Exposure
UNKNOWN
NuGet

CVE-2007-0660

DotNetNuke Vulnerable to XSS in Pass-Through Values

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes