DotNetNuke.Core Vulnerable to Stored XSS in Scheduler LogNotes_CVE-2026-24836

7.7 / 10

HIGH

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H

Description

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Starting in version 9.0.0 and prior to versions 9.13.10 and 10.2.0, extensions could write richtext in log notes which can include scripts that would run in the PersonaBar when displayed. Versions 9.13.10 and 10.2.0 contain a fix for the issue.

Basic Information

ID CVE-2026-24836

Source GitHub_M

Published Jan 27, 2026 at 23:51

Affected Product

Vendor dnnsoftware

Product Dnn.Platform

Version >= 9.0.0, < 9.13.10

Affected Versions dnnsoftware Dnn.Platform >= 9.0.0, < 9.13.10
dnnsoftware Dnn.Platform >= 10.0.0, < 10.2.0

CWE Classification

CWE-79

References

github.com /dnnsoftware/Dnn.Platform/security/advisories/GHSA-2g5g-hcgh-q3rp

{
    "lastseen": "",
    "description": "DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Starting in version 9.0.0 and prior to versions 9.13.10 and 10.2.0, extensions could write richtext in log notes which can include scripts that would run in the PersonaBar when displayed. Versions 9.13.10 and 10.2.0 contain a fix for the issue.",
    "published": "2026-01-27T23:51:27.138Z",
    "modified": "2026-01-27T23:51:27.138Z",
    "type": "cve",
    "title": "DotNetNuke.Core Vulnerable to Stored XSS in Scheduler LogNotes",
    "source": "GitHub_M",
    "references": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-2g5g-hcgh-q3rp",
    "id": "CVE-2026-24836",
    "bulletinFamily": "",
    "cwe": [
        "CWE-79"
    ],
    "cvelist": null,
    "sourceData": "dnnsoftware Dnn.Platform >= 9.0.0, < 9.13.10\ndnnsoftware Dnn.Platform >= 10.0.0, < 10.2.0",
    "sourceHref": "",
    "cvss": {
        "score": 7.7,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Dnn.Platform",
    "version": ">= 9.0.0, < 9.13.10",
    "vendor": "dnnsoftware",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}