CVE-2025-64094
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-64094
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-64094.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-64094
- Aliases
- Published
- 2025-10-28T21:44:31Z
- Modified
- 2025-11-05T14:22:53.851516Z
- Severity
-
- 6.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- DNN vulnerable to stored cross-site-scripting (XSS) via SVG upload
- Details
-
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to 10.1.1, sanitization of the content of uploaded SVG files was not covering all possible XSS scenarios. This vulnerability exists because of an incomplete fix for CVE-2025-48378. This vulnerability is fixed in 10.1.1.
- Database specific
{ "cwe_ids": [ "CWE-79" ] }- References
Affected packages
Git / github.com/dnnsoftware/dnn.platform
Affected ranges
- Type
- GIT
- Repo
- https://github.com/dnnsoftware/dnn.platform
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
10.*
10.0.0-rc3
v10.*
v10.0.0
v10.0.0-rc1
v10.0.0-rc2
v10.0.1
v10.0.1-rc1
v10.0.1-rc2
v10.0.1-rc3
v10.1.0
v10.1.0-rc1
v10.1.1-rc1
v7.*
v7.2.1.367-stable
v7.3.2.109-stable
v9.*
v9.1.0
v9.10.0
v9.10.0-rc1
v9.10.0-rc2
v9.10.1
v9.10.1-rc1
v9.10.2
v9.10.2-rc1
v9.11.0
v9.11.0-rc1
v9.11.0-rc2
v9.11.0-rc3
v9.11.0-rc4
v9.11.0-rc5
v9.11.0-rc6
v9.11.0-rc7
v9.11.1
v9.11.1-rc1
v9.11.1-rc2
v9.11.1-rc3
v9.11.2
v9.11.2-rc1
v9.12.0
v9.12.0-rc1
v9.13.0
v9.13.0-rc1
v9.13.0-rc2
v9.13.0-rc3
v9.13.1
v9.13.1-rc1
v9.13.2
v9.13.2-rc1
v9.13.3
v9.13.3-rc1
v9.13.4
v9.13.4-rc1
v9.13.5
v9.13.5-rc1
v9.13.6
v9.13.6-rc1
v9.13.7
v9.13.7-rc1
v9.13.8
v9.13.8-rc1
v9.13.9
v9.13.9-rc1
v9.2.0
v9.2.1
v9.2.1-rc0
v9.2.1-rc1
v9.2.2
v9.2.2-rc0
v9.2.2-rc1
v9.2.2-rc2
v9.2.2-rc3
v9.3.0
v9.3.0-rc0
v9.3.0-rc1
v9.3.0-rc2
v9.3.1
v9.3.1-rc0
v9.3.2
v9.3.2-rc0
v9.4.0
v9.4.0-rc0
v9.4.0-rc1
v9.4.1
v9.4.1-rc1
v9.4.2
v9.4.2-rc1
v9.4.3
v9.4.3-rc1
v9.4.4
v9.4.4-rc1
v9.5.0
v9.5.0-rc1
v9.5.0-rc2
v9.5.1-rc1
v9.6.0
v9.6.0-rc1
v9.6.0-rc2
v9.6.0-rc3
v9.6.1
v9.6.1-rc1
v9.6.2
v9.6.2-rc1
v9.6.2-rc2
v9.6.2-rc3
v9.7.0
v9.7.0-rc1
v9.7.0-rc2
v9.7.1
v9.7.1-rc1
v9.7.2
v9.7.2-rc1
v9.8.0
v9.8.0-rc1
v9.8.0-rc2
v9.8.1
v9.8.1-rc1
v9.9.0
v9.9.0-rc1
v9.9.0-rc2
v9.9.1
v9.9.1-rc1