Dnnsoftware Dnn.Platform vulnerabilities
30 known vulnerabilities affecting dnnsoftware/dnn.platform.
Total CVEs: 30
CISA KEV: 0
Public exploits: 3
Exploited in wild: 3
Severity breakdown: CRITICAL 2, HIGH 6, MEDIUM 21, LOW 1
Vulnerabilities
Page 2 of 2
CVE-2025-59821 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | fixed in 10.1.0 | 2025-09-23
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.1.0, DNN’s URL/path handling and template rendering can allow specially crafted input to be reflected into a user profile that is returned to the browser. In these cases, the application does not sufficiently neutralize or
nvd
CVE-2025-59539 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | fixed in 10.1.0 | 2025-09-23
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.1.0, when embedding information in the Biography field, even if that field is not rich-text, users could inject JavaScript code that would run in the context of the website and to any other user that can view the profile i
nvd
CVE-2025-48377 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | fixed in 9.13.9 | 2025-05-23
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 9.13.9, a specially crafted URL may be constructed which can inject an XSS payload that is triggered by using some module actions. Version 9.13.9 fixes the issue.
nvd
CVE-2025-48378 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | fixed in 10.1.1 | 2025-05-23
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 9.13.9, uploaded SVG files could contain scripts and, if rendered inline, those scripts could run, allowing XSS attacks. Version 9.13.9 fixes the issue.
nvd
CVE-2025-59546 | P4 | MEDIUM | CVSS 4.8 | CWE-79 | fixed in 10.1.0 | 2025-09-23
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.1.0, administrators and content editors can set HTML in module titles that could include JavaScript, which could be used for XSS-based attacks. This issue has been patched in version 10.1.0.
nvd
CVE-2026-24784 | P4 | MEDIUM | CVSS 4.8 | CWE-79 | versions >= 9.0.0, < 9.13.10; >= 10.0.0, < 10.2.0 | 2026-01-28
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Starting in version 9.0.0 and prior to versions 9.13.10 and 10.2.0, a content editor could inject scripts in module headers/footers that would run for other users. Versions 9.13.10 and 10.2.0 contain a fix for the issue.
nvd
CVE-2025-62802 | P4 | MEDIUM | CVSS 4.3 | CWE-434 | fixed in 10.1.1 | 2025-10-28
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to 10.1.1, the out-of-box experience for HTML editing allows unauthenticated users to upload files. This opens a potential vector to other security issues and is not needed on most implementations. This vulnerability is fixed in 10.1.1.
ghsa, nvd, osv
CVE-2026-40305 | P4 | MEDIUM | CVSS 4.3 | CWE-285 | versions >= 6.0.0, < 10.2.2 | 2026-04-17
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Starting in version 6.0.0 and prior to version 10.2.2, in the friends feature, a user could craft a request that would force the acceptance of a friend request on another user. Version 10.2.2 patches the issue.
nvd
CVE-2025-32371 | P4 | MEDIUM | CVSS 4.3 | CWE-451 | fixed in 9.13.4 | 2025-04-09
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. A URL could be crafted to the DNN ImageHandler to render text from a querystring parameter. This text would display in the resulting image and a user that trusts the domain might think that the information is legitimate. This vulnerability i
nvd
CVE-2025-48376 | P4 | LOW | CVSS 2.4 | CWE-841 | fixed in 9.13.9 | 2025-05-23
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 9.13.9, a malicious SuperUser (Host) could craft a request to use an external URL for a site export to then be imported. Version 9.13.9 fixes the issue.
nvd