DotNetNuke.Core Vulnerable to Stored XSS via Module Title_CVE-2026-24838

9.1 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Description

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to versions 9.13.10 and 10.2.0, module title supports richtext which could include scripts that would execute in certain scenarios. Versions 9.13.10 and 10.2.0 contain a fix for the issue.

Basic Information

ID CVE-2026-24838

Source GitHub_M

Published Jan 27, 2026 at 23:58

Affected Product

Vendor dnnsoftware

Product Dnn.Platform

Version < 9.13.10

Affected Versions dnnsoftware Dnn.Platform < 9.13.10
dnnsoftware Dnn.Platform >= 10.0.0, < 10.2.0

CWE Classification

CWE-79

References

github.com /dnnsoftware/Dnn.Platform/security/advisories/GHSA-w9pf-h6m6-v89h

{
    "lastseen": "",
    "description": "DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to versions 9.13.10 and 10.2.0,  module title supports richtext which could include scripts that would execute in certain scenarios. Versions 9.13.10 and 10.2.0 contain a fix for the issue.",
    "published": "2026-01-27T23:58:33.340Z",
    "modified": "2026-01-27T23:58:33.340Z",
    "type": "cve",
    "title": "DotNetNuke.Core Vulnerable to Stored XSS via Module Title",
    "source": "GitHub_M",
    "references": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-w9pf-h6m6-v89h",
    "id": "CVE-2026-24838",
    "bulletinFamily": "",
    "cwe": [
        "CWE-79"
    ],
    "cvelist": null,
    "sourceData": "dnnsoftware Dnn.Platform < 9.13.10\ndnnsoftware Dnn.Platform >= 10.0.0, < 10.2.0",
    "sourceHref": "",
    "cvss": {
        "score": 9.1,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Dnn.Platform",
    "version": "< 9.13.10",
    "vendor": "dnnsoftware",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}