HIGH🚩 CISA KEV⚡ EXPLOIT🇵🇱 Wersja polska

CVE-2018-15811

CVSS 7.5v3.1pub. 2019-07-03upd. 2025-11-07

DNN (aka DotNetNuke) 9.2 through 9.2.1 uses a weak encryption algorithm to protect input parameters.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  • Dnnsoftware Dotnetnuke

    APP
    Dnnsoftware
    9.2 – 9.2.1

CISA KEV — detailsi

Vendori
DotNetNuke (DNN)
Producti
DotNetNuke (DNN)
Added to KEVi
November 3, 2021
Remediation deadline (US Federal)i
May 3, 2022(overdue)
Required action (CISA)i

Apply updates per vendor instructions.

CISA descriptioni

DotNetNuke (DNN) contains an inadequate encryption strength vulnerability resulting from the use of a weak encryption algorithm to protect input parameters.

🔴
IMMEDIATE ACTION
Actively exploited in the wild (CISA KEV). Patch immediately.
CISA DEADLINE: 3 maja 2022
CWE
References

Related vulnerabilities

CVE-2026-24838CRITICAL9.1PL ✓ten sam produkt

DNN/DotNetNuke: XSS w tytule modułu umożliwia wykonanie skryptów

CVE-2025-64095CRITICAL10.0PL ✓ten sam produkt

DNN/DotNetNuke: nieuwierzytelnione przesyłanie i nadpisywanie plików (RCE/XSS)

CVE-2025-59545CRITICAL9.0PL ✓ten sam produkt

XSS w module Prompt platformy DNN (DotNetNuke) — wykonanie skryptu

CVE-2015-2794CRITICAL9.8ten sam produkt

The installation wizard in DotNetNuke (DNN) before 7.4.1 allows remote attackers to reinstall the application ...

CVE-2018-18325HIGH7.5⚠ KEVten sam produkt

DNN (aka DotNetNuke) 9.2 through 9.2.2 uses a weak encryption algorithm to protect input parameters. NOTE: thi...