Cross-Site Scripting (XSS)
DNN.PLATFORM is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to insufficient validation in the TokenReplace function and SkinObjects, which fail to handle specially crafted URLs, allowing attackers to inject and execute arbitrary scripts in the user's browser...