DNN (aka DotNetNuke) 9.2 through 9.2.1 uses a weak encryption algorithm to protect input parameters.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NDnnsoftware Dotnetnuke
APPDnnsoftware9.2 – 9.2.1
CISA KEV — detailsi
- Vendori
- DotNetNuke (DNN)
- Producti
- DotNetNuke (DNN)
- Added to KEVi
- November 3, 2021
- Remediation deadline (US Federal)i
- May 3, 2022(overdue)
Required action (CISA)i
Apply updates per vendor instructions.
CISA descriptioni
DotNetNuke (DNN) contains an inadequate encryption strength vulnerability resulting from the use of a weak encryption algorithm to protect input parameters.
🔴
IMMEDIATE ACTION
Actively exploited in the wild (CISA KEV). Patch immediately.
⏰CISA DEADLINE: 3 maja 2022
References
Related vulnerabilities
CVE-2026-24838CRITICAL9.1PL ✓ten sam produkt
DNN/DotNetNuke: XSS w tytule modułu umożliwia wykonanie skryptów
CVE-2025-64095CRITICAL10.0PL ✓ten sam produkt
DNN/DotNetNuke: nieuwierzytelnione przesyłanie i nadpisywanie plików (RCE/XSS)
CVE-2025-59545CRITICAL9.0PL ✓ten sam produkt
XSS w module Prompt platformy DNN (DotNetNuke) — wykonanie skryptu
CVE-2015-2794CRITICAL9.8ten sam produkt
The installation wizard in DotNetNuke (DNN) before 7.4.1 allows remote attackers to reinstall the application ...
CVE-2018-18325HIGH7.5⚠ KEVten sam produkt
DNN (aka DotNetNuke) 9.2 through 9.2.2 uses a weak encryption algorithm to protect input parameters. NOTE: thi...