PT-2025-26481 · Dnn · Dnn
Valadas
·
Published
2025-02-18
·
Updated
2025-09-15
·
CVE-2025-52485
CVSS v2.0
6.8
Medium
| Vector | AV:N/AC:L/Au:S/C:C/I:N/A:N |
Name of the Vulnerable Software and Affected Versions:
DNN (formerly DotNetNuke) versions 6.0.0 through 10.0.0
Description:
The issue allows a specially crafted request to inject scripts in the "Activity Feed Attachments" endpoint, which will then render in the feed, resulting in a cross-site scripting attack.
Recommendations:
For versions 6.0.0 through 10.0.0, update to version 10.0.1 to resolve the issue.
As a temporary workaround, consider restricting access to the "Activity Feed Attachments" endpoint until the update is applied.
Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Dnn