Add DotNetNuke.Core package reference to project

[fabio-barros]

No description provided.

[github-actions]

Dependency Review

The following issues were found:

• ❌ 1 vulnerable package(s)
• ✅ 0 package(s) with incompatible licenses
• ✅ 0 package(s) with invalid SPDX license definitions
• ✅ 0 package(s) with unknown licenses.

See the Details below.

Vulnerabilities

GHAS/GHAS.csproj

Name	Version	Vulnerability	Severity
DotNetNuke.Core	9.3.0	DotNetNuke.Core Vulnerable to Stored XSS via Module Title	critical
		DNN Vulnerable to Stored Cross-Site Scripting (XSS) in the Prompt module	critical
		DotNetNuke.Core Vulnerable to Stored XSS in Module Deletion Confirmation Modal	high
		DotNetNuke.Core Vulnerable to Stored XSS in Scheduler LogNotes	high
		DNN Path Traversal via Zip Slip	high
		DotNetNuke.Core has a potential XSS vulnerability in modules' header and footer	moderate
		DNN vulnerable to stored cross-site-scripting (XSS) via SVG upload	moderate
		DNN vulnerable to Reflected Cross-Site Scripting (XSS) using url to profile	moderate
		DNN affected by Stored Cross-Site Scripting (XSS) in Profile Biography field	moderate
		DNN allows loading unused themes on anonymous clients through query parameters	moderate
		DNN allows Stored Cross-Site Scripting (XSS) with svg files rendered inline	moderate
		Reflected Cross-Site Scripting (XSS) in module actions in edit mode	moderate
		DotNetNuke.Core Vulnerable to Server-Side Request Forgery (SSRF)	moderate
		DNN XSS Vulnerability	moderate
		DNN File Upload Vulnerability	moderate
		DNN vulnerable to Relative Path Traversal	moderate
		Stored Cross-Site Scripting vulnerability in admin component of DotNetNuke	moderate
		DNN Vulnerable to Stored XSS Using Backend Admin Credentials	low

OpenSSF Scorecard

Package	Version	Score	Details
nuget/DotNetNuke.Core	9.3.0	🟢 3.1	Details Check Score Reason Code-Review ⚠️ 0 Found 0/30 approved changesets -- score normalized to 0 Maintained 🟢 10 30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Security-Policy 🟢 10 security policy file detected License 🟢 10 license file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. SAST ⚠️ 0 no SAST tool detected Binary-Artifacts ⚠️ 0 binaries present in source code Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities ⚠️ 0 14 existing vulnerabilities detected

Scanned Files

• GHAS/GHAS.csproj