DNN Vulnerable to Stored XSS Using Backend Admin Credentials

2.4 / 10

LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N

Description

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.1.0, administrators and content editors can set html in module titles that could include javascript which could be used for XSS based attacks. This issue has been patched in version 10.1.0.

Basic Information

ID CVE-2025-59546

Source GitHub_M

Published Sep 23, 2025 at 17:41

Affected Product

Vendor dnnsoftware

Product Dnn.Platform

Version < 10.1.0

Affected Versions dnnsoftware Dnn.Platform < 10.1.0

CWE Classification

CWE-79

References

github.com /dnnsoftware/Dnn.Platform/security/advisories/GHSA-gj8m-5492-q98h

{
    "lastseen": "",
    "description": "DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.1.0, administrators and content editors can set html in module titles that could include javascript which could be used for XSS based attacks. This issue has been patched in version 10.1.0.",
    "published": "2025-09-23T17:41:47.908Z",
    "modified": "2025-09-23T17:41:47.908Z",
    "type": "cve",
    "title": "DNN Vulnerable to Stored XSS Using Backend Admin Credentials",
    "source": "GitHub_M",
    "references": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-gj8m-5492-q98h",
    "id": "CVE-2025-59546",
    "bulletinFamily": "",
    "cwe": [
        "CWE-79"
    ],
    "cvelist": null,
    "sourceData": "dnnsoftware Dnn.Platform < 10.1.0",
    "sourceHref": "",
    "cvss": {
        "score": 2.4,
        "severity": "LOW",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Dnn.Platform",
    "version": "< 10.1.0",
    "vendor": "dnnsoftware",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

DNN Vulnerable to Stored XSS Using Backend Admin Credentials_CVE-2025-59546