286 matches found
CVE-2025-48378
DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to version 9.13.9, uploaded SVG files could contain scripts and if rendered inline those scripts could run allowing XSS attacks. Version 9.13.9 fixes the issue...
CVE-2025-48377
DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to version 9.13.9, a specially crafted URL may be constructed which can inject an XSS payload that is triggered by using some module actions. Version 9.13.9 fixes the issue...
CVE-2025-48376
DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to version 9.13.9, a malicious SuperUser Host could craft a request to use an external url for a site export to then be imported. Version 9.13.9 fixes the issue...
GHSA-M4HF-FXCG-CP34 DNN allows Stored Cross-Site Scripting (XSS) with svg files rendered inline
Uploaded SVG files could contain scripts and if rendered inline those scripts could run allowing XSS attacks...
CVE-2025-48378
DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to version 9.13.9, uploaded SVG files could contain scripts and if rendered inline those scripts could run allowing XSS attacks. Version 9.13.9 fixes the issue...
CVE-2025-48376
DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to version 9.13.9, a malicious SuperUser Host could craft a request to use an external url for a site export to then be imported. Version 9.13.9 fixes the issue...
CVE-2025-48377
DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to version 9.13.9, a specially crafted URL may be constructed which can inject an XSS payload that is triggered by using some module actions. Version 9.13.9 fixes the issue...
GHSA-62MF-VHHW-XMF8 DNN site Import could use an external source with a crafted request
A malicious SuperUser Host could craft a request to use an external url for a site export to then be imported...
DNN site Import could use an external source with a crafted request
A malicious SuperUser Host could craft a request to use an external url for a site export to then be imported...
CVE-2025-48377 Dnn.Platform vulnerable to Reflected Cross-Site Scripting (XSS) in module actions in edit mode
DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to version 9.13.9, a specially crafted URL may be constructed which can inject an XSS payload that is triggered by using some module actions. Version 9.13.9 fixes the issue...
CVE-2025-48377 Dnn.Platform vulnerable to Reflected Cross-Site Scripting (XSS) in module actions in edit mode
DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to version 9.13.9, a specially crafted URL may be constructed which can inject an XSS payload that is triggered by using some module actions. Version 9.13.9 fixes the issue...
CVE-2025-48377
CVE-2025-48377 affects DNN (Dnn.Platform) prior to version 9.13.9. A specially crafted URL can inject an XSS payload that is triggered by certain module actions; version 9.13.9 includes a fix. Practical impact is an HTML/script injection via module actions, as described in multiple sources; no ex...
CVE-2025-48378 Dnn.Platform vulnerable to Stored Cross-Site Scripting (XSS) with svg files rendered inline
DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to version 9.13.9, uploaded SVG files could contain scripts and if rendered inline those scripts could run allowing XSS attacks. Version 9.13.9 fixes the issue...
CVE-2025-48378 Dnn.Platform vulnerable to Stored Cross-Site Scripting (XSS) with svg files rendered inline
DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to version 9.13.9, uploaded SVG files could contain scripts and if rendered inline those scripts could run allowing XSS attacks. Version 9.13.9 fixes the issue...
CVE-2025-48378 Dnn.Platform vulnerable to Stored Cross-Site Scripting (XSS) with svg files rendered inline
DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to version 9.13.9, uploaded SVG files could contain scripts and if rendered inline those scripts could run allowing XSS attacks. Version 9.13.9 fixes the issue...
CVE-2025-48378
Consolidated evidence shows DNN (DotNetNuke) prior to specific versions is vulnerable to stored XSS via SVG uploads due to incomplete sanitization. CVE-2025-48378 (fixed in 9.13.9) describes that uploaded SVGs could contain scripts that execute when rendered inline. The connected advisories also ...
CVE-2025-48376 Dnn.Platform's Site Import could use an external source with a crafted request
DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to version 9.13.9, a malicious SuperUser Host could craft a request to use an external url for a site export to then be imported. Version 9.13.9 fixes the issue...
CVE-2025-48376 Dnn.Platform's Site Import could use an external source with a crafted request
DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to version 9.13.9, a malicious SuperUser Host could craft a request to use an external url for a site export to then be imported. Version 9.13.9 fixes the issue...
CVE-2025-48376 Dnn.Platform's Site Import could use an external source with a crafted request
DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to version 9.13.9, a malicious SuperUser Host could craft a request to use an external url for a site export to then be imported. Version 9.13.9 fixes the issue...
CVE-2025-48376
CVE-2025-48376 affects DNN (DotNetNuke) prior to 9.13.9. A malicious SuperUser (Host) could craft a request to use an external URL for a site export, which could then be imported. The issue is fixed in version 9.13.9. Other related issues (CVE-2025-48377, CVE-2025-48378) are reported by Nessus bu...