PT-2026-5040 · Dnn · Dnn
Mojav3R
·
Publicado
2026-01-27
·
Atualizado
2026-02-02
·
CVE-2026-24833
CVSS v3.1
7.6
Alta
| Vetor | AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
DNN (formerly DotNetNuke) versions prior to 9.13.10
DNN (formerly DotNetNuke) versions prior to 10.2.0
Description
DNN (formerly DotNetNuke) is an open-source web content management platform. Prior to versions 9.13.10 and 10.2.0, a module could be installed with rich text in its description field. This rich text could contain scripts that execute for users within the Persona Bar.
Recommendations
Update to DNN version 9.13.10 or later.
Update to DNN version 10.2.0 or later.
Exploit
Correção
XSS
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Dnn