Advisories for Nuget/DotNetNuke.Core package

Sanitization of the content of uploaded SVG files was not covering all possible XSS scenarios.

Users that can edit modules could set a title that includes scripts.

The Prompt module allows execution of commands that can return raw HTML. Malicious input, even if sanitized for display elsewhere, can be executed when processed through certain commands, leading to potential script execution (XSS).

A reflected cross-site scripting (XSS) vulnerability exists under certain conditions, using a specially crafter url to view a user profile

Arbitrary themes can be loaded through query parameters. If an installed theme had a vulnerability, even if it was not used on any page, this could be loaded on unsuspecting clients without knowledge of the site owner.

Users can use special syntax to inject javascript code in their profile biography field. Although there was sanitization in place, it did not cover all possible scenarios

Users can use special syntax to inject javascript code in their profile biography field. Although there was sanitization in place, it did not cover all possible scenarios

A specially crafted URL may be constructed which can inject an XSS payload that is triggered by using some module actions.

Uploaded SVG files could contain scripts and if rendered inline those scripts could run allowing XSS attacks.

A bypass has been identified for the previously known vulnerability CVE-2017-0929, allowing unauthenticated attackers to execute arbitrary GET requests against target systems, including internal or adjacent networks.

An arbitrary file upload vulnerability in the Digital Assets Manager module of DNN Corp DotNetNuke v7.0.0 to v9.10.2 allows attackers to execute arbitrary code via a crafted SVG file.

Relative Path Traversal in GitHub repository dnnsoftware/dnn.platform prior to 9.11.0.

DotNetNuke (DNN) 9.9.1 CMS is vulnerable to a Stored Cross-Site Scripting vulnerability in the user profile biography section which allows remote authenticated users to inject arbitrary code via a crafted payload.

The AppCheck research team identified a Server-Side Request Forgery (SSRF) vulnerability within the DNN CMS platform, formerly known as DotNetNuke. SSRF vulnerabilities allow the attacker to exploit the target system to make network requests on their behalf, allowing a range of possible attacks. In the most common scenario, the attacker exploits SSRF vulnerabilities to attack systems behind the firewall and access sensitive information from Cloud Provider metadata services.

DotNetNuke before 4.8.2, during installation or upgrade, does not warn the administrator when the default (1) ValidationKey and (2) DecryptionKey values cannot be modified in the web.config file, which allows remote attackers to bypass intended access restrictions by using the default keys.

There is an information disclosure issue in DNN (formerly DotNetNuke) within the built-in Activity-Feed/Messaging/Userid/ Message Center module. A registered user is able to enumerate any file in the Admin File Manager (other than ones contained in a secure folder) by sending themselves a message with the file attached, e.g., by using an arbitrary small integer value in the fileIds parameter.

DNN (formerly DotNetNuke) has Insecure Permissions.

DNN (formerly DotNetNuke) allows XSS.

DNN (formerly DotNetNuke) allows Path Traversal.

Stored Cross-Site Scripting in DotNetNuke (DNN) allows remote attackers to store and embed the malicious script into the admin notification page. The exploit could be used to perfom any action with admin privileges such as managing content, adding users, uploading backdoors to the server, etc. Successful exploitation occurs when an admin user visits a notification page with stored cross-site scripting.

DNN (aka DotNetNuke) 9.2 through 9.2.1 uses a weak encryption algorithm to protect input parameters.

DNN (aka DotNetNuke) 9.2 through 9.2.2 uses a weak encryption algorithm to protect input parameters. NOTE: this issue exists because of an incomplete fix for CVE-2018-15811.

DNN (aka DotNetNuke) incorrectly converts encryption key source values, resulting in lower than expected entropy. NOTE: this issue exists because of an incomplete fix for CVE-2018-15812.

DNN (aka DotNetNuke) incorrectly converts encryption key source values, resulting in lower than expected entropy.

DNN (formerly DotNetNuke) allows cross-site scripting (XSS) via XML.

DNN (aka DotNetNuke) suffers from a Server-Side Request Forgery (SSRF) vulnerability in the DnnImageHandler class. Attackers may be able to access information about internal network resources.

DNN (aka DotNetNuke) has Remote Code Execution via a cookie, aka "2017-08 (Critical) Possible remote code execution on DNN sites."

The installation wizard in DotNetNuke (DNN) allows remote attackers to reinstall the application and gain SuperUser access via a direct request to Install/InstallWizard.aspx.

Cross-site scripting (XSS) vulnerability in the user-profile biography section in DotNetNuke (DNN) allows remote authenticated users to inject arbitrary web script or HTML via a crafted onclick attribute in an IMG element.

Cross-site scripting (XSS) vulnerability in DotNetNuke (DNN) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Cross-site scripting (XSS) vulnerability in DotNetNuke (DNN) allows remote attackers to inject arbitrary web script or HTML via the __dnnVariable parameter to the default URI.

Cross-site scripting (XSS) vulnerability in DotNetNuke (DNN) allows remote authenticated users to inject arbitrary web script or HTML via vectors related to the Display Name field in the Manage Profile.

Open redirect vulnerability in DotNetNuke (DNN) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

Cross-site scripting (XSS) vulnerability in the telerik HTML editor in DotNetNuke allows remote attackers to inject arbitrary web script or HTML via a message.

Cross-site scripting (XSS) vulnerability in DotNetNuke allows user-assisted remote attackers to inject arbitrary web script or HTML via a crafted URL containing text that is used within a modal popup.

Cross-site scripting (XSS) vulnerability in Install/InstallWizard.aspx in DotNetNuke allows remote attackers to inject arbitrary web script or HTML via the __VIEWSTATE parameter.