Количество 3
Количество 3
CVE-2025-52485
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. In versions 6.0.0 to before 10.0.1, DNN.PLATFORM allows a specially crafted request to inject scripts in the Activity Feed Attachments endpoint which will then render in the feed. This issue has been patched in version 10.0.1.
GHSA-wwc9-wmm3-2pmf
DNN.PLATFORM Allows Stored Cross-Site Scripting (XSS) in Activity Feed
BDU:2025-02484
Уязвимость сценария /Activity-Feed/userId/{user_id} CMS-системы DNN, позволяющая нарушителю провести атаку межсайтового скриптинга (XSS)
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2025-52485 DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. In versions 6.0.0 to before 10.0.1, DNN.PLATFORM allows a specially crafted request to inject scripts in the Activity Feed Attachments endpoint which will then render in the feed. This issue has been patched in version 10.0.1. | CVSS3: 5.4 | 0% Низкий | 8 месяцев назад |
| GHSA-wwc9-wmm3-2pmf DNN.PLATFORM Allows Stored Cross-Site Scripting (XSS) in Activity Feed | CVSS3: 5.4 | 0% Низкий | 8 месяцев назад |
 | BDU:2025-02484 Уязвимость сценария /Activity-Feed/userId/{user_id} CMS-системы DNN, позволяющая нарушителю провести атаку межсайтового скриптинга (XSS) | CVSS3: 7.7 | 0% Низкий | 12 месяцев назад |
Уязвимостей на страницу