Version 9.10.2
DotNetNuke.Core
Provides basic references to the DotNetNuke.dll to develop extensions for the DNN Platform. For MVC or WebAPI please see other packages available as well
Install Instructions
dotnet add package DotNetNuke.Core
Language C#
Package URL (purl) pkg:nuget/DotNetNuke.Core@9.10.2
Find DotNetNuke.Core vulnerabilities in your supply chain.
DotNetNuke.Core Vulnerabilities
Sort by
CVE (Latest)
CVE (Latest)
-
CVE (Latest)
-
CVE (Oldest)
-
CVSS Score (Highest)
-
CVSS Score (Lowest)
CVE  |
CVSS Score |
CWE(s) |
EPSS Score |
EPSS % |
Impacted Versions |
|---|---|---|---|---|---|
| CVE-2015-1566 | Medium 4.3 | CWE-79 | 0.00135 | 0.50311 |
|
| CVE-2015-2794 | High 9.8 | CWE-264 | 0.97391 | 0.9994 |
|
| CVE-2016-7119 | Medium 5.4 | CWE-79 | 0.00065 | 0.30323 |
|
| CVE-2017-0929 | High 7.5 | CWE-918 | 0.00753 | 0.81643 |
|
| CVE-2017-9822 | High 8.8 | CWE-20 | 0.97322 | 0.99912 |
|
| CVE-2018-14486 | Medium 6.1 | CWE-79 | 0.00105 | 0.44213 |
|
| CVE-2018-18325 | High 7.5 | CWE-326 | 0.04427 | 0.92678 |
|
| CVE-2018-18326 | High 7.5 | CWE-331 | 0.00895 | 0.83285 |
|
| CVE-2019-12562 | Medium 6.1 | CWE-79 | 0.00456 | 0.76011 |
|
| CVE-2020-5186 | Medium 5.4 | CWE-79 | 0.00146 | 0.5185 |
|
| CVE-2020-5187 | High 8.8 | CWE-22 | 0.00778 | 0.81999 |
|
| CVE-2020-5188 | Medium 6.5 | CWE-669, CWE-434 | 0.00156 | 0.53153 |
|
| CVE-2022-2922 | Medium 4.9 | CWE-22 | 0.00063 | 0.28397 |
|
| CVE-2013-3943 | Medium 5.4 | CWE-79 | 0.00089 | 0.39723 |
|
| CVE-2013-4649 | Medium 4.3 | CWE-79 | 0.00247 | 0.65154 |
|
| CVE-2013-7335 | Medium 4.3 | CWE-20 | 0.00257 | 0.65841 |
|
| CVE-2012-1030 | Medium 6.1 | CWE-79 | 0.00132 | 0.49657 |
|
| CVE-2020-11585 | Medium 4.3 | CWE-330, CWE-200, CWE-639 | 0.00058 | 0.26286 |
|
| CVE-2018-15811 | High 7.5 | CWE-326 | 0.04427 | 0.92678 |
|
| CVE-2018-15812 | High 7.5 | CWE-331 | 0.00103 | 0.43435 |
|
DotNetNuke.Core Vulnerability Remediation Guidance
| CVE | Description | Full list of Impacted Versions | Fix |
|---|---|---|---|
| CVE-2022-2922 | Relative Path Traversal in GitHub repository dnnsoftware/dnn.platform prior to 9.11.0. | 7.1.2, 7.1.0, 7.3.1.20, 7.3.0.499, 7.4.0.353, 7.0.6.121, 6.0.0, 7.0.0 (Show all) | Patch → NO_SAFE_VERSION |
| CVE-2020-5188 | DNN (formerly DotNetNuke) through 9.4.4 has Insecure Permissions. | 7.1.2, 7.1.0, 7.3.1.20, 7.3.0.499, 7.4.0.353, 7.0.6.121, 6.0.0, 7.0.0 (Show all) | Patch → NO_SAFE_VERSION |
| CVE-2020-5187 | DNN (formerly DotNetNuke) through 9.4.4 allows Path Traversal (issue 2 of 2). | 7.1.2, 7.1.0, 7.3.1.20, 7.3.0.499, 7.4.0.353, 7.0.6.121, 6.0.0, 7.0.0 (Show all) | Patch → NO_SAFE_VERSION |
| CVE-2020-5186 | DNN (formerly DotNetNuke) through 9.4.4 allows XSS (issue 1 of 2). | 7.1.2, 7.1.0, 7.3.1.20, 7.3.0.499, 7.4.0.353, 7.0.6.121, 6.0.0, 7.0.0 (Show all) | Patch → NO_SAFE_VERSION |
| CVE-2020-11585 | There is an information disclosure issue in DNN (formerly DotNetNuke) 9.5 within the built-in Activity-Feed/Messaging/Userid/ Message Center module. A registered user is able to enumerate any file in the Admin File Manager (other than ones contained in a secure folder) by sending themselves a message with the file attached, e.g., by using an arbitrary small integer value in the fileIds parameter. | 9.5.0 | Patch → NO_SAFE_VERSION |
| CVE-2019-12562 | Stored Cross-Site Scripting in DotNetNuke (DNN) Version before 9.4.0 allows remote attackers to store and embed the malicious script into the admin notification page. The exploit could be used to perfom any action with admin privileges such as managing content, adding users, uploading backdoors to the server, etc. Successful exploitation occurs when an admin user visits a notification page with stored cross-site scripting. | 7.1.2, 7.1.0, 7.3.1.20, 7.3.0.499, 7.4.0.353, 7.0.6.121, 6.0.0, 7.0.0 (Show all) | Patch → NO_SAFE_VERSION |
| CVE-2018-18326 | DNN (aka DotNetNuke) 9.2 through 9.2.2 incorrectly converts encryption key source values, resulting in lower than expected entropy. NOTE: this issue exists because of an incomplete fix for CVE-2018-15812. | 7.1.2, 7.1.0, 7.3.1.20, 7.3.0.499, 7.4.0.353, 7.0.6.121, 6.0.0, 7.0.0 (Show all) | Patch → NO_SAFE_VERSION |
| CVE-2018-18325 | DNN (aka DotNetNuke) 9.2 through 9.2.2 uses a weak encryption algorithm to protect input parameters. NOTE: this issue exists because of an incomplete fix for CVE-2018-15811. | 7.1.2, 7.1.0, 7.3.1.20, 7.3.0.499, 7.4.0.353, 7.0.6.121, 6.0.0, 7.0.0 (Show all) | Patch → NO_SAFE_VERSION |
| CVE-2018-15812 | DNN (aka DotNetNuke) 9.2 through 9.2.1 incorrectly converts encryption key source values, resulting in lower than expected entropy. | 9.2.1.533, 9.2.0.366 | Patch → NO_SAFE_VERSION |
| CVE-2018-15811 | DNN (aka DotNetNuke) 9.2 through 9.2.1 uses a weak encryption algorithm to protect input parameters. | 9.2.1.533, 9.2.0.366 | Patch → NO_SAFE_VERSION |
| CVE-2018-14486 | DNN (formerly DotNetNuke) 9.1.1 allows cross-site scripting (XSS) via XML. | 7.1.2, 7.1.0, 7.3.1.20, 7.3.0.499, 7.4.0.353, 7.0.6.121, 6.0.0, 7.0.0 (Show all) | Patch → NO_SAFE_VERSION |
| CVE-2017-9822 | DNN (aka DotNetNuke) before 9.1.1 has Remote Code Execution via a cookie, aka "2017-08 (Critical) Possible remote code execution on DNN sites." | 7.1.2, 7.1.0, 7.3.1.20, 7.3.0.499, 7.4.0.353, 7.0.6.121, 6.0.0, 7.0.0 (Show all) | Patch → NO_SAFE_VERSION |
| CVE-2017-0929 | DNN (aka DotNetNuke) before 9.2.0 suffers from a Server-Side Request Forgery (SSRF) vulnerability in the DnnImageHandler class. Attackers may be able to access information about internal network resources. | 7.1.2, 7.1.0, 7.3.1.20, 7.3.0.499, 7.4.0.353, 7.0.6.121, 6.0.0, 7.0.0 (Show all) | Patch → NO_SAFE_VERSION |
| CVE-2016-7119 | Cross-site scripting (XSS) vulnerability in the user-profile biography section in DotNetNuke (DNN) before 8.0.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted onclick attribute in an IMG element. | 7.1.2, 7.1.0, 7.3.1.20, 7.3.0.499, 7.4.0.353, 7.0.6.121, 6.0.0, 7.0.0 (Show all) | Patch → NO_SAFE_VERSION |
| CVE-2015-2794 | The installation wizard in DotNetNuke (DNN) before 7.4.1 allows remote attackers to reinstall the application and gain SuperUser access via a direct request to Install/InstallWizard.aspx. | 7.1.2, 7.1.0, 7.3.1.20, 7.3.0.499, 7.4.0.353, 7.0.6.121, 6.0.0, 7.0.0 (Show all) | Patch → NO_SAFE_VERSION |
| CVE-2015-1566 | Cross-site scripting (XSS) vulnerability in DotNetNuke (DNN) before 7.4.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 7.1.2, 7.1.0, 7.3.1.20, 7.3.0.499, 7.0.6.121, 6.0.0, 7.0.0, 7.2.0.613 | Patch → NO_SAFE_VERSION |
| CVE-2013-7335 | Open redirect vulnerability in DotNetNuke (DNN) before 6.2.9 and 7.x before 7.1.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | 7.1.0, 7.0.6.121, 6.0.0, 7.0.0 | Patch → NO_SAFE_VERSION |
| CVE-2013-4649 | Cross-site scripting (XSS) vulnerability in DotNetNuke (DNN) before 6.2.9 and 7.x before 7.1.1 allows remote attackers to inject arbitrary web script or HTML via the __dnnVariable parameter to the default URI. | 7.1.0, 7.0.6.121, 6.0.0, 7.0.0 | Patch → NO_SAFE_VERSION |
| CVE-2013-3943 | Cross-site scripting (XSS) vulnerability in DotNetNuke (DNN) before 6.2.9 and 7.x before 7.1.1 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to the Display Name field in the Manage Profile. | 7.1.0, 7.0.6.121, 6.0.0, 7.0.0 | Patch → NO_SAFE_VERSION |
| CVE-2012-1030 | Cross-site scripting (XSS) vulnerability in DotNetNuke 6.x through 6.0.2 allows user-assisted remote attackers to inject arbitrary web script or HTML via a crafted URL containing text that is used within a modal popup. | 6.0.0 | Patch → NO_SAFE_VERSION |
Instantly see if these DotNetNuke.Core vulnerabilities affect your code.