CVE-2025-52485
DNN.PLATFORM Allows Stored Cross-Site Scripting (XSS) in Activity Feed
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. In versions 6.0.0 to before 10.0.1, DNN.PLATFORM allows a specially crafted request to inject scripts in the Activity Feed Attachments endpoint which will then render in the feed. This issue has been patched in version 10.0.1.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
Productos afectados
dnnsoftware · Dnn.Platform¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →