CNNVD-202509-3226 Information
CNNVD ID
CNNVD-202509-3226
Related CVE
- CNNVD Published: 2025-09-22
Description (Chinese)
DNN(又名DotNetNuke)是美国DNN公司的一套由微软支持、基于ASP.NET平台的开源内容管理系统(CMS)。该系统具有易于安装、可扩展、功能丰富等特点。 DNN 10.1.0之前版本存在安全漏洞,该漏洞源于可通过查询参数加载任意主题,可能导致利用未使用主题的漏洞攻击客户端。
Description (English)
DNN (also known as DotNetNuke) is an open-source content management system (CMS) supported by Microsoft and based on the ASP.NET platform by United States DNN. The system has features that are easy to install, scalable and functional. A security loophole existed in the previous version of DNN 10.1.0, which originated from the fact that any subject could be loaded with query parameters, which could lead to an attack on the client using an unused subject.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
dnsmasq
Published
2025-09-22
Last Modified
2026-02-24
References
https://github.com/dnnsoftware/Dnn.Platform/blob/develop/DNN%20Platform/Library/UI/Skins/Skin.cs#L305 https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-wq2j-w9pm-7x2p https://github.com/dnnsoftware/Dnn.Platform/commit/72f30f69fd2214d77f6c2577dfcca495a24caf5c https://access.redhat.com/security/cve/cve-2025-59535
Patch
https://www.dnnsoftware.com/community/download
Share on: