CVE-2025-52486 DNN.PLATFORM Allows Reflected Cross-Site Scripting (XSS) in some TokenReplace situations with SkinObjects

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. In versions 6.0.0 to before 10.0.1, DNN.PLATFORM allows specially crafted content in URLs to be used with TokenReplace and not be properly sanitized by some SkinObjects. This issue has been...

CVE-2025-52486

CVE-2025-52486 affects DNN.PLATFORM (DotNetNuke) prior to 10.0.1, where specially crafted URL content could be used with TokenReplace and not be sanitized by certain SkinObjects, enabling a reflected Cross-Site Scripting (XSS). Affected versions are 6.0.0 through before 10.0.1. The issue is fixed...

DNN.PLATFORM Allows Reflected Cross-Site Scripting (XSS) in some TokenReplace situations with SkinObjects

DNN.PLATFORM allows specially crafted content in URLs could be used with TokenReplace and not be properly sanitized by some SkinObjects. This vulnerability is fixed in 10.0.1...

GHSA-PF4H-VRV6-CMVR DNN.PLATFORM Allows Reflected Cross-Site Scripting (XSS) in some TokenReplace situations with SkinObjects

DNN.PLATFORM allows specially crafted content in URLs could be used with TokenReplace and not be properly sanitized by some SkinObjects. This vulnerability is fixed in 10.0.1...