6Teloiv

**Name of the Vulnerable Software and Affected Versions** DNN (formerly DotNetNuke) versions prior to 10.1.0 **Description** DNN is an open-source web content management platform. Prior to version 10.1.0, arbitrary themes could be loaded through query parameters. This allowed potentially vulnerable, unused themes to be loaded for unsuspecting clients without the site owner’s knowledge. Depending on the vulnerability within a theme, this could lead to server-side or client-side arbitrary code execution. **Recommendations** Update to version 10.1.0 or later.