Lucene search
K

286 matches found

RedhatCVE
RedhatCVE
added 2025/05/25 4:12 p.m.20 views

CVE-2025-48378

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to version 9.13.9, uploaded SVG files could contain scripts and if rendered inline those scripts could run allowing XSS attacks. Version 9.13.9 fixes the issue...

6.1CVSS6.2AI score0.00244EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/25 4:12 p.m.18 views

CVE-2025-48377

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to version 9.13.9, a specially crafted URL may be constructed which can inject an XSS payload that is triggered by using some module actions. Version 9.13.9 fixes the issue...

6CVSS6.1AI score0.00198EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/25 4:12 p.m.20 views

CVE-2025-48376

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to version 9.13.9, a malicious SuperUser Host could craft a request to use an external url for a site export to then be imported. Version 9.13.9 fixes the issue...

3.5CVSS7AI score0.00214EPSS
Exploits0References1
OSV
OSV
added 2025/05/23 4:58 p.m.27 views

GHSA-M4HF-FXCG-CP34 DNN allows Stored Cross-Site Scripting (XSS) with svg files rendered inline

Uploaded SVG files could contain scripts and if rendered inline those scripts could run allowing XSS attacks...

6.1CVSS6.2AI score0.00244EPSS
Exploits0References4
NVD
NVD
added 2025/05/23 4:15 p.m.49 views

CVE-2025-48378

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to version 9.13.9, uploaded SVG files could contain scripts and if rendered inline those scripts could run allowing XSS attacks. Version 9.13.9 fixes the issue...

6.1CVSS0.00244EPSS
Exploits0References2
NVD
NVD
added 2025/05/23 4:15 p.m.54 views

CVE-2025-48376

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to version 9.13.9, a malicious SuperUser Host could craft a request to use an external url for a site export to then be imported. Version 9.13.9 fixes the issue...

3.5CVSS0.00214EPSS
Exploits0References2
NVD
NVD
added 2025/05/23 4:15 p.m.63 views

CVE-2025-48377

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to version 9.13.9, a specially crafted URL may be constructed which can inject an XSS payload that is triggered by using some module actions. Version 9.13.9 fixes the issue...

6CVSS0.00198EPSS
Exploits0References2
OSV
OSV
added 2025/05/23 4:11 p.m.64 views

GHSA-62MF-VHHW-XMF8 DNN site Import could use an external source with a crafted request

A malicious SuperUser Host could craft a request to use an external url for a site export to then be imported...

3.5CVSS6.9AI score0.00214EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2025/05/23 4:11 p.m.14 views

DNN site Import could use an external source with a crafted request

A malicious SuperUser Host could craft a request to use an external url for a site export to then be imported...

3.5CVSS6.7AI score0.00214EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2025/05/23 3:39 p.m.34 views

CVE-2025-48377 Dnn.Platform vulnerable to Reflected Cross-Site Scripting (XSS) in module actions in edit mode

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to version 9.13.9, a specially crafted URL may be constructed which can inject an XSS payload that is triggered by using some module actions. Version 9.13.9 fixes the issue...

6CVSS6AI score0.00198EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/05/23 3:39 p.m.67 views

CVE-2025-48377 Dnn.Platform vulnerable to Reflected Cross-Site Scripting (XSS) in module actions in edit mode

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to version 9.13.9, a specially crafted URL may be constructed which can inject an XSS payload that is triggered by using some module actions. Version 9.13.9 fixes the issue...

6CVSS0.00198EPSS
Exploits0References2
CVE
CVE
added 2025/05/23 3:39 p.m.70 views

CVE-2025-48377

CVE-2025-48377 affects DNN (Dnn.Platform) prior to version 9.13.9. A specially crafted URL can inject an XSS payload that is triggered by certain module actions; version 9.13.9 includes a fix. Practical impact is an HTML/script injection via module actions, as described in multiple sources; no ex...

6CVSS5.7AI score0.00198EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2025/05/23 3:39 p.m.10 views

CVE-2025-48378 Dnn.Platform vulnerable to Stored Cross-Site Scripting (XSS) with svg files rendered inline

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to version 9.13.9, uploaded SVG files could contain scripts and if rendered inline those scripts could run allowing XSS attacks. Version 9.13.9 fixes the issue...

6.1CVSS5.8AI score0.00244EPSS
Exploits0References2
OSV
OSV
added 2025/05/23 3:39 p.m.16 views

CVE-2025-48378 Dnn.Platform vulnerable to Stored Cross-Site Scripting (XSS) with svg files rendered inline

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to version 9.13.9, uploaded SVG files could contain scripts and if rendered inline those scripts could run allowing XSS attacks. Version 9.13.9 fixes the issue...

6.1CVSS6AI score0.00244EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/05/23 3:39 p.m.50 views

CVE-2025-48378 Dnn.Platform vulnerable to Stored Cross-Site Scripting (XSS) with svg files rendered inline

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to version 9.13.9, uploaded SVG files could contain scripts and if rendered inline those scripts could run allowing XSS attacks. Version 9.13.9 fixes the issue...

6.1CVSS0.00244EPSS
Exploits0References2
CVE
CVE
added 2025/05/23 3:39 p.m.95 views

CVE-2025-48378

Consolidated evidence shows DNN (DotNetNuke) prior to specific versions is vulnerable to stored XSS via SVG uploads due to incomplete sanitization. CVE-2025-48378 (fixed in 9.13.9) describes that uploaded SVGs could contain scripts that execute when rendered inline. The connected advisories also ...

6.1CVSS5.8AI score0.00244EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2025/05/23 3:37 p.m.50 views

CVE-2025-48376 Dnn.Platform's Site Import could use an external source with a crafted request

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to version 9.13.9, a malicious SuperUser Host could craft a request to use an external url for a site export to then be imported. Version 9.13.9 fixes the issue...

3.5CVSS0.00214EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/05/23 3:37 p.m.14 views

CVE-2025-48376 Dnn.Platform's Site Import could use an external source with a crafted request

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to version 9.13.9, a malicious SuperUser Host could craft a request to use an external url for a site export to then be imported. Version 9.13.9 fixes the issue...

3.5CVSS3.8AI score0.00214EPSS
Exploits0References2
OSV
OSV
added 2025/05/23 3:37 p.m.20 views

CVE-2025-48376 Dnn.Platform's Site Import could use an external source with a crafted request

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to version 9.13.9, a malicious SuperUser Host could craft a request to use an external url for a site export to then be imported. Version 9.13.9 fixes the issue...

3.5CVSS6.4AI score0.00214EPSS
Exploits0References4
CVE
CVE
added 2025/05/23 3:37 p.m.74 views

CVE-2025-48376

CVE-2025-48376 affects DNN (DotNetNuke) prior to 9.13.9. A malicious SuperUser (Host) could craft a request to use an external URL for a site export, which could then be imported. The issue is fixed in version 9.13.9. Other related issues (CVE-2025-48377, CVE-2025-48378) are reported by Nessus bu...

3.5CVSS3.8AI score0.00214EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder