CVE-2025-48376

LOW Year: 2025
CVSS v3 Score
3.5
Low
Weakness Type
CWE-841
View all →

Vulnerability Description

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 9.13.9, a malicious SuperUser (Host) could craft a request to use an external url for a site export to then be imported. Version 9.13.9 fixes the issue.

Related Vulnerabilities

CVE-2023-42939

LOW
CVSS:3.3(Low)

A logic issue was addressed with improved checks. This issue is fixed in iOS 17.1 and iPadOS 17.1. A user's private browsing activity may be unexpectedly saved in the App Privacy Report.

CWE-8412023

CVE-2023-1383

MEDIUM
CVSS:4.3(Medium)

An Improper Enforcement of Behavioral Workflow vulnerability in the exchangeDeviceServices function on the amzn.dmgr service allowed an attacker to register services that are only locally accessible. ...

CWE-8412023

CVE-2024-37296

MEDIUM
CVSS:5.3(Medium)

The Aimeos HTML client provides Aimeos HTML components for e-commerce projects. Starting in version 2020.04.1 and prior to versions 2020.10.27, 2021.10.21, 2022.10.12, 2023.10.14, and 2024.04.5, digit...

CWE-8412024

CVE-2024-39325

MEDIUM
CVSS:5.3(Medium)

aimeos/ai-controller-frontend is the Aimeos frontend controller. Prior to versions 2024.04.2, 2023.10.9, 2022.10.8, 2021.10.8, and 2020.10.15, aimeos/ai-controller-frontend doesn't reset the payment s...

CWE-8412024

CVE-2024-6128

MEDIUM
CVSS:5.3(Medium)

A vulnerability, which was classified as problematic, has been found in spa-cartcms 1.9.0.6. This issue affects some unknown processing of the file /checkout of the component Checkout Page. The manipu...

CWE-8412024

CVE-2023-4181

CRITICAL
CVSS:9.8(Critical)

A vulnerability, which was classified as critical, has been found in SourceCodester Free Hospital Management System for Small Practices 1.0. Affected by this issue is some unknown functionality of the...

CWE-8412023