PT-2025-44220 · Dotnetnuke · Dnn
Published
2025-10-28
·
Updated
2025-11-03
·
CVE-2025-64094
CVSS v3.1
6.4
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
DNN (formerly DotNetNuke) versions prior to 10.1.1
Description
DNN (formerly DotNetNuke) is an open-source web content management platform. Prior to version 10.1.1, the sanitization process for uploaded SVG files did not adequately address all potential cross-site scripting (XSS) scenarios. This issue represents an incomplete fix for a previously identified issue.
Recommendations
Update to version 10.1.1 or later.
Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Dnn