PT-2025-26482 · Dnn · Dnn

Valadas · Published 2025-02-19 · Updated 2025-09-15 · CVE-2025-52486

CVSS v2.0: 7.8 High
Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions: DNN (formerly DotNetNuke) versions 6.0.0 through 10.0.0
Description: The issue concerns DNN (formerly DotNetNuke), an open-source web content management platform in the Microsoft ecosystem. Specially crafted content in URLs can be used with TokenReplace and is not properly sanitized by some SkinObjects.
Recommendations: For versions 6.0.0 through 10.0.0, update to version 10.0.1 to resolve the issue.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

BDU:2025-02486
CVE-2025-52486
GHSA-PF4H-VRV6-CMVR

Affected Products

Dnn