Filtered by vendor Dnnsoftware
Subscriptions
Filtered by product Dnn Platform
Subscriptions
Total
8 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-59821 | 1 Dnnsoftware | 2 Dnn Platform, Dotnetnuke | 2025-09-29 | 6.5 Medium |
| DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.1.0, DNN’s URL/path handling and template rendering can allow specially crafted input to be reflected into a user profile that is returned to the browser. In these cases, the application does not sufficiently neutralize or encode characters that are meaningful in HTML, so an attacker can cause a victim’s browser to interpret attacker-controlled content as part of the page’s HTML. This issue has been patched in version 10.1.0. | ||||
| CVE-2025-59548 | 1 Dnnsoftware | 2 Dnn Platform, Dotnetnuke | 2025-09-29 | 6.1 Medium |
| DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.1.0, specially crafted URLs to the FileBrowser are vulnerable to javascript injection, affecting any unsuspecting user clicking such link. This issue has been patched in version 10.1.0. | ||||
| CVE-2025-59547 | 1 Dnnsoftware | 2 Dnn Platform, Dotnetnuke | 2025-09-29 | 5.3 Medium |
| DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.1.0, the CKEditor file upload endpoint has insufficient sanitization for filenames allowing probing network endpoints. A specially crafted request can be made to upload a file with Unicode characters, which would be translated into a path that could expose resources in the internal network of the hosted site. This issue has been patched in version 10.1.0. | ||||
| CVE-2025-59546 | 1 Dnnsoftware | 2 Dnn Platform, Dotnetnuke | 2025-09-29 | 2.4 Low |
| DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.1.0, administrators and content editors can set html in module titles that could include javascript which could be used for XSS based attacks. This issue has been patched in version 10.1.0. | ||||
| CVE-2025-59545 | 1 Dnnsoftware | 2 Dnn Platform, Dotnetnuke | 2025-09-29 | 9.1 Critical |
| DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.1.0, the Prompt module allows execution of commands that can return raw HTML. Malicious input, even if sanitized for display elsewhere, can be executed when processed through certain commands, leading to potential script execution (XSS). This issue has been patched in version 10.1.0. | ||||
| CVE-2025-59535 | 1 Dnnsoftware | 2 Dnn Platform, Dotnetnuke | 2025-09-29 | 6.5 Medium |
| DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.1.0, arbitrary themes can be loaded through query parameters. If an installed theme had a vulnerability, even if it was not used on any page, this could be loaded on unsuspecting clients without knowledge of the site owner. This issue has been patched in version 10.1.0. | ||||
| CVE-2025-59539 | 1 Dnnsoftware | 2 Dnn Platform, Dotnetnuke | 2025-09-29 | 6.3 Medium |
| DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.1.0, when embedding information in the Biography field, even if that field is not rich-text, users could inject javascript code that would run in the context of the website and to any other user that can view the profile including administrators and/or superusers. This issue has been patched in version 10.1.0. | ||||
| CVE-2025-52486 | 1 Dnnsoftware | 2 Dnn Platform, Dotnetnuke | 2025-09-15 | 6.1 Medium |
| DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. In versions 6.0.0 to before 10.0.1, DNN.PLATFORM allows specially crafted content in URLs to be used with TokenReplace and not be properly sanitized by some SkinObjects. This issue has been patched in version 10.0.1. | ||||
Page 1 of 1.