Dnnsoftware: community verdicts
3 notable / known-exploited Dnnsoftware CVEs the community has triaged.
ⓘ Not an exhaustive list: we focus on the findings that matter (exploited / notable). For every Dnnsoftware CVE, see NVD ↗.
- CVE-2017-9822HIGH 8.8KEVEPSS 95%
DNN (aka DotNetNuke) before 9.1.1 has Remote Code Execution via a cookie, aka "2017-08 (Critical) Possible remote code execution on DNN sites."
- CVE-2018-18325HIGH 7.5KEVEPSS 74%
DNN (aka DotNetNuke) 9.2 through 9.2.2 uses a weak encryption algorithm to protect input parameters. NOTE: this issue exists because of an incomplete fix for CVE-2018-15811.
- CVE-2018-15811HIGH 7.5KEVEPSS 74%
DNN (aka DotNetNuke) 9.2 through 9.2.1 uses a weak encryption algorithm to protect input parameters.