CVE-2025-59546

Опубликовано: 23 сент. 2025

Источник: nvd

CVSS3: 2.4

CVSS3: 4.8

EPSS Низкий

Описание

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.1.0, administrators and content editors can set html in module titles that could include javascript which could be used for XSS based attacks. This issue has been patched in version 10.1.0.

Ссылки

https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-gj8m-5492-q98h
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:dnnsoftware:dotnetnuke:*:*:*:*:*:*:*:*

Версия до 10.1.0 (исключая)

EPSS

Процентиль: 16%

0.0005

Низкий

2.4 Low

CVSS3

4.8 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-gj8m-5492-q98h

CVSS3: 2.4

github

5 месяцев назад

DNN Vulnerable to Stored XSS Using Backend Admin Credentials

EPSS

Процентиль: 16%

0.0005

Низкий

2.4 Low

CVSS3

4.8 Medium

CVSS3

Дефекты

CWE-79