CVE 5.9 MEDIUM

DNN Vulnerable to Reflected Cross-Site Scripting (XSS) in CKEditor File Browser_CVE-2025-59548

September 23, 2025 invoker category_cve
5.9 / 10
MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N

Description

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.1.0, specially crafted URLs to the FileBrowser are vulnerable to javascript injection, affecting any unsuspecting user clicking such link. This issue has been patched in version 10.1.0.

Basic Information

ID CVE-2025-59548
Source GitHub_M
Published Sep 23, 2025 at 17:58

Affected Product

Vendor dnnsoftware
Product Dnn.Platform
Version < 10.1.0
Affected Versions dnnsoftware Dnn.Platform < 10.1.0

CWE Classification

CWE-79

References

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.