5 matches found
Dotnetnuke < 10.1.0 Loading unused themes on annonymous clients through query parameters (CVE-2025-59535)
According to its self-reported version, the instance of Dotnetnuke running on the remote web server is prior to 10.1.0. It is, therefore, affected by a vulnerability. - DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to version 10.1....
Unsafe Dependency Resolution
Overview Affected versions of this package are vulnerable to Unsafe Dependency Resolution via the Skin feature. An attacker can cause unauthorized theme loading and potentially execute arbitrary code by supplying crafted query parameters to load unused or outdated themes. Remediation Upgrade...
GHSA-WQ2J-W9PM-7X2P DNN allows loading unused themes on anonymous clients through query parameters
Summary Arbitrary themes can be loaded through query parameters. If an installed theme had a vulnerability, even if it was not used on any page, this could be loaded on unsuspecting clients without knowledge of the site owner. Details Many people who run DNN sites have a number of installed theme...
DNN allows loading unused themes on anonymous clients through query parameters
Summary Arbitrary themes can be loaded through query parameters. If an installed theme had a vulnerability, even if it was not used on any page, this could be loaded on unsuspecting clients without knowledge of the site owner. Details Many people who run DNN sites have a number of installed theme...
CVE-2025-59535 DotNetNuke.Core allows loading of unused themes on anonymous clients through query parameters
DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to version 10.1.0, arbitrary themes can be loaded through query parameters. If an installed theme had a vulnerability, even if it was not used on any page, this could be loaded on...