CRITICAL🇵🇱 Wersja polska

CVE-2025-59545

CVSS 9.0v3.1pub. 2025-09-23upd. 2025-09-29

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.1.0, the Prompt module allows execution of commands that can return raw HTML. Malicious input, even if sanitized for display elsewhere, can be executed when processed through certain commands, leading to potential script execution (XSS). This issue has been patched in version 10.1.0.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
  • Dnnsoftware Dotnetnuke

    APP
    Dnnsoftware
    < 10.1.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
XSS
CWE
References

Related vulnerabilities

CVE-2026-24838CRITICAL9.1PL ✓ten sam produkt

DNN/DotNetNuke: XSS w tytule modułu umożliwia wykonanie skryptów

CVE-2025-64095CRITICAL10.0PL ✓ten sam produkt

DNN/DotNetNuke: nieuwierzytelnione przesyłanie i nadpisywanie plików (RCE/XSS)

CVE-2015-2794CRITICAL9.8ten sam produkt

The installation wizard in DotNetNuke (DNN) before 7.4.1 allows remote attackers to reinstall the application ...

CVE-2018-15811HIGH7.5⚠ KEVten sam produkt

DNN (aka DotNetNuke) 9.2 through 9.2.1 uses a weak encryption algorithm to protect input parameters.

CVE-2018-18325HIGH7.5⚠ KEVten sam produkt

DNN (aka DotNetNuke) 9.2 through 9.2.2 uses a weak encryption algorithm to protect input parameters. NOTE: thi...