6 matches found
Malicious Package
Overview microsoft-cms-client is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious code in microsoft-cms-client (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c507e9ca51bd8797443e8339d9069ce7a53d5b16d99e2198f6f856fcfa5a1ecf The package microsoft-cms-client was found to contain malicious code. Source: ghsa-malware...
MAL-2026-978 Malicious code in microsoft-cms-client (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c507e9ca51bd8797443e8339d9069ce7a53d5b16d99e2198f6f856fcfa5a1ecf The package microsoft-cms-client was found to contain malicious code. Source: ghsa-malware...
CVE-2025-52485 DNN.PLATFORM Allows Stored Cross-Site Scripting (XSS) in Activity Feed
DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. In versions 6.0.0 to before 10.0.1, DNN.PLATFORM allows a specially crafted request to inject scripts in the Activity Feed Attachments endpoint which will then render in the feed. This issue...
CVE-2025-32374
DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Possible denial of service with specially crafted information in the public registration form. This vulnerability is fixed in 9.13.8...
CVE-2025-32371 Unexpected external content may be displayed in DNN ImageHandler
DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. A url could be crafted to the DNN ImageHandler to render text from a querystring parameter. This text would display in the resulting image and a user that trusts the domain might think that t...