GHSA-79m3-rvx2-3qq9

Source

https://github.com/advisories/GHSA-79m3-rvx2-3qq9

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/05/GHSA-79m3-rvx2-3qq9/GHSA-79m3-rvx2-3qq9.json

JSON Data

https://api.test.osv.dev/v1/vulns/GHSA-79m3-rvx2-3qq9

Aliases

CVE-2025-48377

Published

2025-05-23T16:36:08Z

Modified

2025-05-23T19:11:01.737556Z

Severity

6.0 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N CVSS Calculator

Summary

Reflected Cross-Site Scripting (XSS) in module actions in edit mode

Details

A specially crafted URL may be constructed which can inject an XSS payload that is triggered by using some module actions.

Database specific

{
    "cwe_ids": [
        "CWE-79"
    ],
    "nvd_published_at": "2025-05-23T16:15:27Z",
    "github_reviewed_at": "2025-05-23T16:36:08Z",
    "github_reviewed": true,
    "severity": "MODERATE"
}

References

Affected packages

NuGet / DotNetNuke.Web

Package

Name: DotNetNuke.Web; View open source insights on deps.dev
Purl: pkg:nuget/DotNetNuke.Web

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

9.13.9

Affected versions

6.*

6.0.0

7.*

7.0.0

7.0.6.121

7.1.0

7.1.2

7.2.0.613

7.3.0.499

7.3.1.20

7.4.0.353

7.4.1.280

7.4.2.216

8.*

8.0.0.809

8.0.1.239

8.0.2.4

8.0.3.5

8.0.4.226

9.*

9.0.0.1002

9.0.1.142

9.1.0.367

9.1.1.129

9.2.0.366

9.2.1.533

9.3.0

9.3.1

9.3.2

9.4.0

9.4.1

9.4.2

9.4.3

9.4.4

9.5.0

9.6.1

9.6.2

9.7.0

9.7.1

9.7.2

9.8.0

9.9.0

9.9.1

9.10.0

9.10.1

9.10.2

9.11.0

9.11.1

9.11.2

9.12.0

9.13.0-ci0000

9.13.0

9.13.1

9.13.2

9.13.3

9.13.4

9.13.5-ci0062

9.13.5

9.13.6

9.13.7

9.13.8

NuGet / DotNetNuke.Core