CVE-2025-52486
6.1
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
Summary
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. In versions 6.0.0 to before 10.0.1, DNN.PLATFORM allows specially crafted content in URLs to be used with TokenReplace and not be properly sanitized by some SkinObjects. This issue has been patched in version 10.0.1.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| dnnsoftware | Dnn.Platform | >= 6.0.0, < 10.0.1 | affected |
Weaknesses
- CWE-79: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-pf4h-vrv6-cmvr
- https://github.com/dnnsoftware/Dnn.Platform/commit/74f6de68da1572c1d7e9c6e30e9f77f7c5596b1b
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.