Cross-site Scripting (XSS)

dotnetnuke.core is vulnerable to cross-site scripting XSS. The vulnerability is due to module titles supporting rich text input without proper script sanitization, which allows an attacker to inject and execute malicious scripts in certain scenarios...

DNN Cross-Site Scripting Vulnerabilities

DNN also known as DotNetNuke is an open-source content management system CMS developed by the American company DNN, supported by Microsoft and based on the ASP.NET platform. This system features easy installation, scalability, and rich functionality. Versions of DNN prior to 9.13.10 and 10.2.0...

CVE-2026-24838

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to versions 9.13.10 and 10.2.0, module title supports richtext which could include scripts that would execute in certain scenarios. Versions 9.13.10 and 10.2.0 contain a fix for the iss...

PT-2026-5043

Name of the Vulnerable Software and Affected Versions DNN formerly DotNetNuke versions prior to 9.13.10 DNN formerly DotNetNuke versions prior to 10.2.0 Description DNN formerly DotNetNuke is an open-source web content management platform. Prior to versions 9.13.10 and 10.2.0, the module title...

Cross-site Scripting

dotnetnuke.core is vulnerable to Cross-Site Scripting. The vulnerability is due to lack of input sanitization of module titles due to administrators and content editors being able to set raw HTML including JavaScript in titles, allowing attackers to inject scripts that execute in other user's...

CVE-2025-59546

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to version 10.1.0, administrators and content editors can set html in module titles that could include javascript which could be used for XSS based attacks. This issue has been patched ...

Dotnetnuke < 10.1.0 Stored XSS Using Backend Admin Credentials (CVE-2025-59546)

According to its self-reported version, the instance of Dotnetnuke running on the remote web server is prior to 10.1.0. It is, therefore, affected by a vulnerability. - DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to version 10.1....

CVE-2025-59546

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to version 10.1.0, administrators and content editors can set html in module titles that could include javascript which could be used for XSS based attacks. This issue has been patched ...

CVE-2025-59546 DNN Vulnerable to Stored XSS Using Backend Admin Credentials

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to version 10.1.0, administrators and content editors can set html in module titles that could include javascript which could be used for XSS based attacks. This issue has been patched ...

CVE-2025-59546 DNN Vulnerable to Stored XSS Using Backend Admin Credentials

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to version 10.1.0, administrators and content editors can set html in module titles that could include javascript which could be used for XSS based attacks. This issue has been patched ...

CVE-2025-59546 DNN Vulnerable to Stored XSS Using Backend Admin Credentials

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to version 10.1.0, administrators and content editors can set html in module titles that could include javascript which could be used for XSS based attacks. This issue has been patched ...

CVE-2025-59546

CVE-2025-59546 affects DNN (DotNetNuke) prior to version 10.1.0. The vulnerability allows stored XSS via HTML/script in module titles by users with module-editing privileges and with the HTML-in-titles setting enabled. The issue has been patched in version 10.1.0. Affected components are the DNN ...

Cross-site Scripting (XSS)

Overview DotNetNuke.Core is a references provider to the DotNetNuke.dll to develop extensions for the DNN Platform. Affected versions of this package are vulnerable to Cross-site Scripting XSS in the Persona Bar module. An attacker can inject and execute arbitrary scripts by setting crafted HTML ...

DNN Vulnerable to Stored XSS Using Backend Admin Credentials

Summary Users that can edit modules could set a title that includes scripts. Description Some users administrators and content editors can set html in module titles and that could include javascript which could be used for XSS based attacks. With the addition of more roles being able to set modul...

GHSA-GJ8M-5492-Q98H DNN Vulnerable to Stored XSS Using Backend Admin Credentials

Summary Users that can edit modules could set a title that includes scripts. Description Some users administrators and content editors can set html in module titles and that could include javascript which could be used for XSS based attacks. With the addition of more roles being able to set modul...

PT-2025-39192

Name of the Vulnerable Software and Affected Versions DNN formerly DotNetNuke versions prior to 10.1.0 Description DNN formerly DotNetNuke is an open-source web content management platform. Administrators and content editors could set HTML in module titles, potentially including JavaScript. This...