Lucene search
K

5 matches found

Tenable Nessus
Tenable Nessus
added 2025/09/23 12:0 a.m.5 views

Dotnetnuke < 10.1.0 Loading unused themes on annonymous clients through query parameters (CVE-2025-59535)

According to its self-reported version, the instance of Dotnetnuke running on the remote web server is prior to 10.1.0. It is, therefore, affected by a vulnerability. - DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to version 10.1....

6.5CVSS5.7AI score0.00322EPSS
Exploits0References2
Snyk
Snyk
added 2025/09/22 9:10 p.m.4 views

Unsafe Dependency Resolution

Overview Affected versions of this package are vulnerable to Unsafe Dependency Resolution via the Skin feature. An attacker can cause unauthorized theme loading and potentially execute arbitrary code by supplying crafted query parameters to load unused or outdated themes. Remediation Upgrade...

7.3CVSS7.6AI score0.00322EPSS
Exploits0References2
OSV
OSV
added 2025/09/22 9:10 p.m.3 views

GHSA-WQ2J-W9PM-7X2P DNN allows loading unused themes on anonymous clients through query parameters

Summary Arbitrary themes can be loaded through query parameters. If an installed theme had a vulnerability, even if it was not used on any page, this could be loaded on unsuspecting clients without knowledge of the site owner. Details Many people who run DNN sites have a number of installed theme...

6.5CVSS7.7AI score0.00322EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2025/09/22 9:10 p.m.7 views

DNN allows loading unused themes on anonymous clients through query parameters

Summary Arbitrary themes can be loaded through query parameters. If an installed theme had a vulnerability, even if it was not used on any page, this could be loaded on unsuspecting clients without knowledge of the site owner. Details Many people who run DNN sites have a number of installed theme...

6.5CVSS7.7AI score0.00322EPSS
Exploits0References6Affected Software1
Vulnrichment
Vulnrichment
added 2025/09/22 8:59 p.m.2 views

CVE-2025-59535 DotNetNuke.Core allows loading of unused themes on anonymous clients through query parameters

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to version 10.1.0, arbitrary themes can be loaded through query parameters. If an installed theme had a vulnerability, even if it was not used on any page, this could be loaded on...

6.5CVSS6.3AI score0.00322EPSS
Exploits0References3
Rows per page
Query Builder