PT-2025-39193 · Dotnetnuke · Dnn

Bdukes · Published 2025-02-19 · Updated 2025-09-29

CVE-2025-59821

CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:L/Au:S/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions

DNN (formerly DotNetNuke) versions prior to 10.1.0

Description

DNN’s URL/path handling and template rendering can allow specially crafted input to be reflected into a user profile that is returned to the browser. The application does not sufficiently neutralize or encode characters that are meaningful in HTML, potentially allowing an attacker to cause a victim’s browser to interpret attacker-controlled content as part of the page’s HTML. This is a reflected cross-site scripting issue.

Recommendations

Update to version 10.1.0 or later.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

BDU:2025-02488
CVE-2025-59821
GHSA-JC4G-C8WW-5738

Affected Products

Dnn