6 matches found
EUVD-2025-18803
Malicious code in bioql PyPI...
Cross-Site Scripting (XSS)
dnn.platform is vulnerable to cross-site scripting XSS. The vulnerability is due to improper input validation and sanitization in the Activity Feed Attachments endpoint, allowing malicious scripts to be injected and rendered...
CVE-2025-52485
DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. In versions 6.0.0 to before 10.0.1, DNN.PLATFORM allows a specially crafted request to inject scripts in the Activity Feed Attachments endpoint which will then render in the feed. This issue...
Cross-site Scripting (XSS)
Overview DotNetNuke.Core is a references provider to the DotNetNuke.dll to develop extensions for the DNN Platform. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Activity Feed Attachments endpoint. An attacker can execute arbitrary scripts in the context of...
CVE-2025-52485
DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. In versions 6.0.0 to before 10.0.1, DNN.PLATFORM allows a specially crafted request to inject scripts in the Activity Feed Attachments endpoint which will then render in the feed. This issue...
PT-2025-26481
Name of the Vulnerable Software and Affected Versions: DNN formerly DotNetNuke versions 6.0.0 through 10.0.0 Description: The issue allows a specially crafted request to inject scripts in the "Activity Feed Attachments" endpoint, which will then render in the feed, resulting in a cross-site...