12 matches found
EUVD-2025-18802
Malicious code in bioql PyPI...
Cross-Site Scripting (XSS)
DNN.PLATFORM is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to insufficient validation in the TokenReplace function and SkinObjects, which fail to handle specially crafted URLs, allowing attackers to inject and execute arbitrary scripts in the user's browser...
CVE-2025-52486
DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. In versions 6.0.0 to before 10.0.1, DNN.PLATFORM allows specially crafted content in URLs to be used with TokenReplace and not be properly sanitized by some SkinObjects. This issue has been...
Cross-site Scripting (XSS)
Overview DotNetNuke.Core is a references provider to the DotNetNuke.dll to develop extensions for the DNN Platform. Affected versions of this package are vulnerable to Cross-site Scripting XSS via TokenReplace operations when handling input in some SkinObjects. An attacker can execute arbitrary...
CVE-2025-52486
DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. In versions 6.0.0 to before 10.0.1, DNN.PLATFORM allows specially crafted content in URLs to be used with TokenReplace and not be properly sanitized by some SkinObjects. This issue has been...
CVE-2025-52486 DNN.PLATFORM Allows Reflected Cross-Site Scripting (XSS) in some TokenReplace situations with SkinObjects
DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. In versions 6.0.0 to before 10.0.1, DNN.PLATFORM allows specially crafted content in URLs to be used with TokenReplace and not be properly sanitized by some SkinObjects. This issue has been...
CVE-2025-52486 DNN.PLATFORM Allows Reflected Cross-Site Scripting (XSS) in some TokenReplace situations with SkinObjects
DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. In versions 6.0.0 to before 10.0.1, DNN.PLATFORM allows specially crafted content in URLs to be used with TokenReplace and not be properly sanitized by some SkinObjects. This issue has been...
CVE-2025-52486 DNN.PLATFORM Allows Reflected Cross-Site Scripting (XSS) in some TokenReplace situations with SkinObjects
DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. In versions 6.0.0 to before 10.0.1, DNN.PLATFORM allows specially crafted content in URLs to be used with TokenReplace and not be properly sanitized by some SkinObjects. This issue has been...
CVE-2025-52486
CVE-2025-52486 affects DNN.PLATFORM (DotNetNuke) prior to 10.0.1, where specially crafted URL content could be used with TokenReplace and not be sanitized by certain SkinObjects, enabling a reflected Cross-Site Scripting (XSS). Affected versions are 6.0.0 through before 10.0.1. The issue is fixed...
GHSA-PF4H-VRV6-CMVR DNN.PLATFORM Allows Reflected Cross-Site Scripting (XSS) in some TokenReplace situations with SkinObjects
DNN.PLATFORM allows specially crafted content in URLs could be used with TokenReplace and not be properly sanitized by some SkinObjects. This vulnerability is fixed in 10.0.1...
DNN.PLATFORM Allows Reflected Cross-Site Scripting (XSS) in some TokenReplace situations with SkinObjects
DNN.PLATFORM allows specially crafted content in URLs could be used with TokenReplace and not be properly sanitized by some SkinObjects. This vulnerability is fixed in 10.0.1...
Dotnetnuke < 10.0.1 Reflected Cross-Site Scripting (XSS) in some TokenReplace situations with SkinObjects (CVE-2025-52486)
According to its self-reported version, the instance of Dotnetnuke running on the remote web server is prior to 10.0.1. It is, therefore, affected by a vulnerability. - DNN.PLATFORM Allows Reflected Cross-Site Scripting XSS in some TokenReplace situations with SkinObjects CVE-2025-52486 Note that...