You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Provides basic references to the DotNetNuke.dll to develop extensions for the DNN Platform. For MVC or WebAPI please see other packages available as well
Path to dependency file: /Modules/UpendoPrompt/Upendo.Modules.UpendoPrompt.csproj
Path to vulnerable library: /Modules/UpendoPrompt/packages/DotNetNuke.Core.9.10.0/DotNetNuke.Core.9.10.0.nupkg,/Modules/UpendoPrompt/Upendo.Modules.UpendoPrompt.csproj
Provides basic references to the DotNetNuke.dll to develop extensions for the DNN Platform. For MVC or WebAPI please see other packages available as well
Path to dependency file: /Modules/UpendoPrompt/Upendo.Modules.UpendoPrompt.csproj
Path to vulnerable library: /Modules/UpendoPrompt/packages/DotNetNuke.Core.9.10.0/DotNetNuke.Core.9.10.0.nupkg,/Modules/UpendoPrompt/Upendo.Modules.UpendoPrompt.csproj
The AppCheck research team identified a Server-Side Request Forgery (SSRF) vulnerability within the DNN CMS platform, formerly known as DotNetNuke. SSRF vulnerabilities allow the attacker to exploit the target system to make network requests on their behalf, allowing a range of possible attacks. In the most common scenario, the attacker exploits SSRF vulnerabilities to attack systems behind the firewall and access sensitive information from Cloud Provider metadata services.
Provides basic references to the DotNetNuke.dll to develop extensions for the DNN Platform. For MVC or WebAPI please see other packages available as well
Path to dependency file: /Modules/UpendoPrompt/Upendo.Modules.UpendoPrompt.csproj
Path to vulnerable library: /Modules/UpendoPrompt/packages/DotNetNuke.Core.9.10.0/DotNetNuke.Core.9.10.0.nupkg,/Modules/UpendoPrompt/Upendo.Modules.UpendoPrompt.csproj
Provides basic references to the DotNetNuke.dll to develop extensions for the DNN Platform. For MVC or WebAPI please see other packages available as well
Path to dependency file: /Modules/UpendoPrompt/Upendo.Modules.UpendoPrompt.csproj
Path to vulnerable library: /Modules/UpendoPrompt/packages/DotNetNuke.Core.9.10.0/DotNetNuke.Core.9.10.0.nupkg,/Modules/UpendoPrompt/Upendo.Modules.UpendoPrompt.csproj
DotNetNuke (DNN) 9.9.1 CMS is vulnerable to a Stored Cross-Site Scripting vulnerability in the user profile biography section which allows remote authenticated users to inject arbitrary code via a crafted payload.
Provides basic references to the DotNetNuke.dll to develop extensions for the DNN Platform. For MVC or WebAPI please see other packages available as well
Path to dependency file: /Modules/UpendoPrompt/Upendo.Modules.UpendoPrompt.csproj
Path to vulnerable library: /Modules/UpendoPrompt/packages/DotNetNuke.Core.9.10.0/DotNetNuke.Core.9.10.0.nupkg,/Modules/UpendoPrompt/Upendo.Modules.UpendoPrompt.csproj
Provides basic references to the DotNetNuke.dll to develop extensions for the DNN Platform. For MVC or WebAPI please see other packages available as well
Path to dependency file: /Modules/UpendoPrompt/Upendo.Modules.UpendoPrompt.csproj
Path to vulnerable library: /Modules/UpendoPrompt/packages/DotNetNuke.Core.9.10.0/DotNetNuke.Core.9.10.0.nupkg,/Modules/UpendoPrompt/Upendo.Modules.UpendoPrompt.csproj
mend-bolt-for-githubbot
changed the title
dotnetnuke.core.9.10.0.nupkg: 1 vulnerabilities (highest severity is: 8.8)
dotnetnuke.core.9.10.0.nupkg: 2 vulnerabilities (highest severity is: 8.8)
Oct 28, 2022
mend-bolt-for-githubbot
changed the title
dotnetnuke.core.9.10.0.nupkg: 2 vulnerabilities (highest severity is: 8.8)
dotnetnuke.core.9.10.0.nupkg: 5 vulnerabilities (highest severity is: 8.8)
Jan 11, 2023
mend-bolt-for-githubbot
changed the title
dotnetnuke.core.9.10.0.nupkg: 5 vulnerabilities (highest severity is: 8.8)
dotnetnuke.core.9.10.0.nupkg: 6 vulnerabilities (highest severity is: 8.8)
Jan 12, 2023
mend-bolt-for-githubbot
changed the title
dotnetnuke.core.9.10.0.nupkg: 6 vulnerabilities (highest severity is: 8.8)
dotnetnuke.core.9.10.0.nupkg: 5 vulnerabilities (highest severity is: 7.5)
Aug 4, 2023
mend-bolt-for-githubbot
changed the title
dotnetnuke.core.9.10.0.nupkg: 5 vulnerabilities (highest severity is: 7.5)
dotnetnuke.core.9.10.0.nupkg: 5 vulnerabilities (highest severity is: 6.5)
Oct 28, 2024
Vulnerable Library - dotnetnuke.core.9.10.0.nupkg
Provides basic references to the DotNetNuke.dll to develop extensions for the DNN Platform. For MVC or WebAPI please see other packages available as well
Library home page: https://api.nuget.org/packages/dotnetnuke.core.9.10.0.nupkg
Path to dependency file: /Modules/UpendoPrompt/Upendo.Modules.UpendoPrompt.csproj
Path to vulnerable library: /Modules/UpendoPrompt/packages/DotNetNuke.Core.9.10.0/DotNetNuke.Core.9.10.0.nupkg,/Modules/UpendoPrompt/Upendo.Modules.UpendoPrompt.csproj
Found in HEAD commit: 34d11f1fc219eef34bab125547d2716a9a9ac785
Vulnerabilities
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Details
CVE-2021-40186
Vulnerable Library - dotnetnuke.core.9.10.0.nupkg
Provides basic references to the DotNetNuke.dll to develop extensions for the DNN Platform. For MVC or WebAPI please see other packages available as well
Library home page: https://api.nuget.org/packages/dotnetnuke.core.9.10.0.nupkg
Path to dependency file: /Modules/UpendoPrompt/Upendo.Modules.UpendoPrompt.csproj
Path to vulnerable library: /Modules/UpendoPrompt/packages/DotNetNuke.Core.9.10.0/DotNetNuke.Core.9.10.0.nupkg,/Modules/UpendoPrompt/Upendo.Modules.UpendoPrompt.csproj
Dependency Hierarchy:
Found in HEAD commit: 34d11f1fc219eef34bab125547d2716a9a9ac785
Found in base branch: main
Vulnerability Details
The AppCheck research team identified a Server-Side Request Forgery (SSRF) vulnerability within the DNN CMS platform, formerly known as DotNetNuke. SSRF vulnerabilities allow the attacker to exploit the target system to make network requests on their behalf, allowing a range of possible attacks. In the most common scenario, the attacker exploits SSRF vulnerabilities to attack systems behind the firewall and access sensitive information from Cloud Provider metadata services.
Publish Date: 2022-05-31
URL: CVE-2021-40186
CVSS 3 Score Details (6.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2021-40186
Release Date: 2022-05-31
Fix Resolution: DotNetNuke.Web - 9.11.0;DotNetNuke.Core - 9.11.0
Step up your Open Source Security Game with Mend here
CVE-2020-5188
Vulnerable Library - dotnetnuke.core.9.10.0.nupkg
Provides basic references to the DotNetNuke.dll to develop extensions for the DNN Platform. For MVC or WebAPI please see other packages available as well
Library home page: https://api.nuget.org/packages/dotnetnuke.core.9.10.0.nupkg
Path to dependency file: /Modules/UpendoPrompt/Upendo.Modules.UpendoPrompt.csproj
Path to vulnerable library: /Modules/UpendoPrompt/packages/DotNetNuke.Core.9.10.0/DotNetNuke.Core.9.10.0.nupkg,/Modules/UpendoPrompt/Upendo.Modules.UpendoPrompt.csproj
Dependency Hierarchy:
Found in HEAD commit: 34d11f1fc219eef34bab125547d2716a9a9ac785
Found in base branch: main
Vulnerability Details
DNN (formerly DotNetNuke) through 9.4.4 has Insecure Permissions.
Publish Date: 2020-02-24
URL: CVE-2020-5188
CVSS 3 Score Details (6.5)
Base Score Metrics:
Step up your Open Source Security Game with Mend here
CVE-2021-31858
Vulnerable Library - dotnetnuke.core.9.10.0.nupkg
Provides basic references to the DotNetNuke.dll to develop extensions for the DNN Platform. For MVC or WebAPI please see other packages available as well
Library home page: https://api.nuget.org/packages/dotnetnuke.core.9.10.0.nupkg
Path to dependency file: /Modules/UpendoPrompt/Upendo.Modules.UpendoPrompt.csproj
Path to vulnerable library: /Modules/UpendoPrompt/packages/DotNetNuke.Core.9.10.0/DotNetNuke.Core.9.10.0.nupkg,/Modules/UpendoPrompt/Upendo.Modules.UpendoPrompt.csproj
Dependency Hierarchy:
Found in HEAD commit: 34d11f1fc219eef34bab125547d2716a9a9ac785
Found in base branch: main
Vulnerability Details
DotNetNuke (DNN) 9.9.1 CMS is vulnerable to a Stored Cross-Site Scripting vulnerability in the user profile biography section which allows remote authenticated users to inject arbitrary code via a crafted payload.
Publish Date: 2022-07-20
URL: CVE-2021-31858
CVSS 3 Score Details (5.4)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2021-31858
Release Date: 2022-07-20
Fix Resolution: DotNetNuke.Core - 9.11.0
Step up your Open Source Security Game with Mend here
CVE-2020-5186
Vulnerable Library - dotnetnuke.core.9.10.0.nupkg
Provides basic references to the DotNetNuke.dll to develop extensions for the DNN Platform. For MVC or WebAPI please see other packages available as well
Library home page: https://api.nuget.org/packages/dotnetnuke.core.9.10.0.nupkg
Path to dependency file: /Modules/UpendoPrompt/Upendo.Modules.UpendoPrompt.csproj
Path to vulnerable library: /Modules/UpendoPrompt/packages/DotNetNuke.Core.9.10.0/DotNetNuke.Core.9.10.0.nupkg,/Modules/UpendoPrompt/Upendo.Modules.UpendoPrompt.csproj
Dependency Hierarchy:
Found in HEAD commit: 34d11f1fc219eef34bab125547d2716a9a9ac785
Found in base branch: main
Vulnerability Details
DNN (formerly DotNetNuke) through 9.4.4 allows XSS (issue 1 of 2).
Publish Date: 2020-02-24
URL: CVE-2020-5186
CVSS 3 Score Details (5.4)
Base Score Metrics:
Step up your Open Source Security Game with Mend here
CVE-2022-2922
Vulnerable Library - dotnetnuke.core.9.10.0.nupkg
Provides basic references to the DotNetNuke.dll to develop extensions for the DNN Platform. For MVC or WebAPI please see other packages available as well
Library home page: https://api.nuget.org/packages/dotnetnuke.core.9.10.0.nupkg
Path to dependency file: /Modules/UpendoPrompt/Upendo.Modules.UpendoPrompt.csproj
Path to vulnerable library: /Modules/UpendoPrompt/packages/DotNetNuke.Core.9.10.0/DotNetNuke.Core.9.10.0.nupkg,/Modules/UpendoPrompt/Upendo.Modules.UpendoPrompt.csproj
Dependency Hierarchy:
Found in HEAD commit: 34d11f1fc219eef34bab125547d2716a9a9ac785
Found in base branch: main
Vulnerability Details
Relative Path Traversal in GitHub repository dnnsoftware/dnn.platform prior to 9.11.0.
Publish Date: 2022-09-30
URL: CVE-2022-2922
CVSS 3 Score Details (4.9)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: GHSA-9w72-2f23-57gm
Release Date: 2022-09-30
Fix Resolution: DotNetNuke.Core - 9.11.0, DotNetNuke.Web - 9.11.0
Step up your Open Source Security Game with Mend here
The text was updated successfully, but these errors were encountered: