PT-2026-5040 · Dnn · Dnn

Mojav3R

Published

2026-01-27

Updated

2026-02-02

CVE-2026-24833

CVSS v3.1

7.6

High

Vector

AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions DNN (formerly DotNetNuke) versions prior to 9.13.10 DNN (formerly DotNetNuke) versions prior to 10.2.0

Description DNN (formerly DotNetNuke) is an open-source web content management platform. Prior to versions 9.13.10 and 10.2.0, a module could be installed with rich text in its description field. This rich text could contain scripts that execute for users within the Persona Bar.

Recommendations Update to DNN version 9.13.10 or later. Update to DNN version 10.2.0 or later.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2026-24833

GHSA-9R3H-MPF8-25GJ

Affected Products

Dnn

PT-2026-5040 · Dnn · Dnn

CVE-2026-24833

Weakness Enumeration

Related Identifiers

Affected Products

References · 7