CVE-2025-59545

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-59545

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-59545.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2025-59545

Aliases

GHSA-2qxc-mf4x-wr29

Published

2025-09-23T17:41:30Z

Modified

2025-10-20T20:33:32.438844Z

Severity

9.0 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H CVSS Calculator

Summary

DNN Vulnerable to Stored Cross-Site Scripting (XSS) in the Prompt module

Details

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.1.0, the Prompt module allows execution of commands that can return raw HTML. Malicious input, even if sanitized for display elsewhere, can be executed when processed through certain commands, leading to potential script execution (XSS). This issue has been patched in version 10.1.0.

Database specific

{
    "cwe_ids": [
        "CWE-79"
    ]
}

References

https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-2qxc-mf4x-wr29

Affected packages

Git / github.com/dnnsoftware/dnn.platform

Affected ranges

Type: GIT
Repo: https://github.com/dnnsoftware/dnn.platform
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

f66ba091c1d9361bbe961801c18b9e951c436c41

Affected versions

10.*

10.0.0-rc3

v10.*

v10.0.0

v10.0.0-rc1

v10.0.0-rc2

v10.0.1

v10.0.1-rc1

v10.0.1-rc2

v10.0.1-rc3

v10.1.0-rc1

v7.*

v7.2.1.367-stable

v7.3.2.109-stable

v9.*

v9.1.0

v9.10.0

v9.10.0-rc1

v9.10.0-rc2

v9.10.1

v9.10.1-rc1

v9.10.2

v9.10.2-rc1

v9.11.0

v9.11.0-rc1

v9.11.0-rc2

v9.11.0-rc3

v9.11.0-rc4

v9.11.0-rc5

v9.11.0-rc6

v9.11.0-rc7

v9.11.1

v9.11.1-rc1

v9.11.1-rc2

v9.11.1-rc3

v9.11.2

v9.11.2-rc1

v9.12.0

v9.12.0-rc1

v9.13.0

v9.13.0-rc1

v9.13.0-rc2

v9.13.0-rc3

v9.13.1

v9.13.1-rc1

v9.13.2

v9.13.2-rc1

v9.13.3

v9.13.3-rc1

v9.13.4

v9.13.4-rc1

v9.13.5

v9.13.5-rc1

v9.13.6

v9.13.6-rc1

v9.13.7

v9.13.7-rc1

v9.13.8

v9.13.8-rc1

v9.13.9

v9.13.9-rc1

v9.2.0

v9.2.1

v9.2.1-rc0

v9.2.1-rc1

v9.2.2

v9.2.2-rc0

v9.2.2-rc1

v9.2.2-rc2

v9.2.2-rc3

v9.3.0

v9.3.0-rc0

v9.3.0-rc1

v9.3.0-rc2

v9.3.1

v9.3.1-rc0

v9.3.2

v9.3.2-rc0

v9.4.0

v9.4.0-rc0

v9.4.0-rc1

v9.4.1

v9.4.1-rc1

v9.4.2

v9.4.2-rc1

v9.4.3

v9.4.3-rc1

v9.4.4

v9.4.4-rc1

v9.5.0

v9.5.0-rc1

v9.5.0-rc2

v9.5.1-rc1

v9.6.0

v9.6.0-rc1

v9.6.0-rc2

v9.6.0-rc3

v9.6.1

v9.6.1-rc1

v9.6.2

v9.6.2-rc1

v9.6.2-rc2

v9.6.2-rc3

v9.7.0

v9.7.0-rc1

v9.7.0-rc2

v9.7.1

v9.7.1-rc1

v9.7.2

v9.7.2-rc1

v9.8.0

v9.8.0-rc1

v9.8.0-rc2

v9.8.1

v9.8.1-rc1

v9.9.0

v9.9.0-rc1

v9.9.0-rc2

v9.9.1

v9.9.1-rc1