Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

13 matches found

EUVD
EUVDadded 2025/10/03 8:7 p.m.3 views

EUVD-2025-30896

Malicious code in bioql PyPI...

9CVSS9AI score0.00071EPSS
Exploits0References3
RedhatCVE
RedhatCVEadded 2025/09/25 2:53 a.m.1 views

CVE-2025-59545

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to version 10.1.0, the Prompt module allows execution of commands that can return raw HTML. Malicious input, even if sanitized for display elsewhere, can be executed when processed...

9CVSS6.8AI score0.00071EPSS
Exploits0References1
Snyk
Snykadded 2025/09/23 6:44 p.m.2 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Prompt module when commands return raw HTML. An attacker can execute arbitrary scripts in the context of a user's browser by submitting malicious input that is processed through certain commands. Details...

9CVSS5.7AI score0.00071EPSS
Exploits0References2
Snyk
Snykadded 2025/09/23 6:44 p.m.2 views

Cross-site Scripting (XSS)

Overview DotNetNuke.Core is a references provider to the DotNetNuke.dll to develop extensions for the DNN Platform. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Prompt module when commands return raw HTML. An attacker can execute arbitrary scripts in the...

9CVSS5.7AI score0.00071EPSS
Exploits0References2
NVD
NVDadded 2025/09/23 6:15 p.m.1 views

CVE-2025-59545

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to version 10.1.0, the Prompt module allows execution of commands that can return raw HTML. Malicious input, even if sanitized for display elsewhere, can be executed when processed...

9CVSS0.00071EPSS
Exploits0References1
Cvelist
Cvelistadded 2025/09/23 5:41 p.m.5 views

CVE-2025-59545 DNN Vulnerable to Stored Cross-Site Scripting (XSS) in the Prompt module

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to version 10.1.0, the Prompt module allows execution of commands that can return raw HTML. Malicious input, even if sanitized for display elsewhere, can be executed when processed...

9CVSS0.00071EPSS
Exploits0References1
CVE
CVEadded 2025/09/23 5:41 p.m.11 views

CVE-2025-59545

CVE-2025-59545 affects DNN (DotNetNuke) prior to version 10.1.0, where the Prompt module can execute commands whose output is treated as HTML. This behavior allows input that is maliciously crafted to bypass normal sanitization and potentially execute scripts in the browser, resulting in stored X...

9CVSS6.7AI score0.00071EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichmentadded 2025/09/23 5:41 p.m.2 views

CVE-2025-59545 DNN Vulnerable to Stored Cross-Site Scripting (XSS) in the Prompt module

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to version 10.1.0, the Prompt module allows execution of commands that can return raw HTML. Malicious input, even if sanitized for display elsewhere, can be executed when processed...

9CVSS6.7AI score0.00071EPSS
Exploits0References1
OSV
OSVadded 2025/09/23 3:9 p.m.3 views

GHSA-2QXC-MF4X-WR29 DNN Vulnerable to Stored Cross-Site Scripting (XSS) in the Prompt module

Summary The Prompt module allows execution of commands that can return raw HTML. Malicious input, even if sanitized for display elsewhere, can be executed when processed through certain commands, leading to potential script execution XSS. Description The application sanitizes most user-submitted...

9CVSS7.2AI score0.00071EPSS
Exploits0References3
Github Security Blog
Github Security Blogadded 2025/09/23 3:9 p.m.5 views

DNN Vulnerable to Stored Cross-Site Scripting (XSS) in the Prompt module

Summary The Prompt module allows execution of commands that can return raw HTML. Malicious input, even if sanitized for display elsewhere, can be executed when processed through certain commands, leading to potential script execution XSS. Description The application sanitizes most user-submitted...

9CVSS7.2AI score0.00071EPSS
Exploits0References3Affected Software1
Tenable Nessus
Tenable Nessusadded 2025/09/23 12:0 a.m.2 views

Dotnetnuke < 10.1.0 Stored Cross-Site Scripting (XSS) in Prompt module (GHSA-2qxc-mf4x-wr29)

According to its self-reported version, the instance of Dotnetnuke running on the remote web server is prior to 10.1.0. It is, therefore, affected by a vulnerability. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number...

5.6AI score
Exploits0References1
Positive Technologies
Positive Technologiesadded 2025/09/23 12:0 a.m.3 views

PT-2025-39191

Name of the Vulnerable Software and Affected Versions DNN formerly DotNetNuke versions prior to 10.1.0 Description DNN formerly DotNetNuke is an open-source web content management platform. The Prompt module allows execution of commands that can return raw HTML. Malicious input, even if sanitized...

9CVSS7AI score0.00071EPSS
Exploits0References16
CNNVD
CNNVDadded 2025/09/23 12:0 a.m.2 views

DNN 跨站脚本漏洞

DNN also known as DotNetNuke is a set of American DNN company by Microsoft support, based on the ASP.NET platform of open source content management system CMS. The system is easy to install, scalable, feature-rich and so on. A cross-site scripting vulnerability exists in DNN versions prior to...

9CVSS8.5AI score0.00071EPSS
Exploits0References1
Rows per page
Query Builder