CVE-2025-59546

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-59546

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-59546.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2025-59546

Aliases

GHSA-gj8m-5492-q98h

Published

2025-09-23T17:41:47Z

Modified

2025-10-20T20:33:31.480362Z

Severity

2.4 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N CVSS Calculator

Summary

DNN Vulnerable to Stored XSS Using Backend Admin Credentials

Details

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.1.0, administrators and content editors can set html in module titles that could include javascript which could be used for XSS based attacks. This issue has been patched in version 10.1.0.

Database specific

{
    "cwe_ids": [
        "CWE-79"
    ]
}

References

https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-gj8m-5492-q98h

Affected packages

Git / github.com/dnnsoftware/dnn.platform

Affected ranges

Type: GIT
Repo: https://github.com/dnnsoftware/dnn.platform
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

f66ba091c1d9361bbe961801c18b9e951c436c41

Affected versions

10.*

10.0.0-rc3

v10.*

v10.0.0

v10.0.0-rc1

v10.0.0-rc2

v10.0.1

v10.0.1-rc1

v10.0.1-rc2

v10.0.1-rc3

v10.1.0-rc1

v7.*

v7.2.1.367-stable

v7.3.2.109-stable

v9.*

v9.1.0

v9.10.0

v9.10.0-rc1

v9.10.0-rc2

v9.10.1

v9.10.1-rc1

v9.10.2

v9.10.2-rc1

v9.11.0

v9.11.0-rc1

v9.11.0-rc2

v9.11.0-rc3

v9.11.0-rc4

v9.11.0-rc5

v9.11.0-rc6

v9.11.0-rc7

v9.11.1

v9.11.1-rc1

v9.11.1-rc2

v9.11.1-rc3

v9.11.2

v9.11.2-rc1

v9.12.0

v9.12.0-rc1

v9.13.0

v9.13.0-rc1

v9.13.0-rc2

v9.13.0-rc3

v9.13.1

v9.13.1-rc1

v9.13.2

v9.13.2-rc1

v9.13.3

v9.13.3-rc1

v9.13.4

v9.13.4-rc1

v9.13.5

v9.13.5-rc1

v9.13.6

v9.13.6-rc1

v9.13.7

v9.13.7-rc1

v9.13.8

v9.13.8-rc1

v9.13.9

v9.13.9-rc1

v9.2.0

v9.2.1

v9.2.1-rc0

v9.2.1-rc1

v9.2.2

v9.2.2-rc0

v9.2.2-rc1

v9.2.2-rc2

v9.2.2-rc3

v9.3.0

v9.3.0-rc0

v9.3.0-rc1

v9.3.0-rc2

v9.3.1

v9.3.1-rc0

v9.3.2

v9.3.2-rc0

v9.4.0

v9.4.0-rc0

v9.4.0-rc1

v9.4.1

v9.4.1-rc1

v9.4.2

v9.4.2-rc1

v9.4.3

v9.4.3-rc1

v9.4.4

v9.4.4-rc1

v9.5.0

v9.5.0-rc1

v9.5.0-rc2

v9.5.1-rc1

v9.6.0

v9.6.0-rc1

v9.6.0-rc2

v9.6.0-rc3

v9.6.1

v9.6.1-rc1

v9.6.2

v9.6.2-rc1

v9.6.2-rc2

v9.6.2-rc3

v9.7.0

v9.7.0-rc1

v9.7.0-rc2

v9.7.1

v9.7.1-rc1

v9.7.2

v9.7.2-rc1

v9.8.0

v9.8.0-rc1

v9.8.0-rc2

v9.8.1

v9.8.1-rc1

v9.9.0

v9.9.0-rc1

v9.9.0-rc2

v9.9.1

v9.9.1-rc1