CNNVD-202509-3660 Information
CNNVD ID
CNNVD-202509-3660
Related CVE
- CNNVD Published: 2025-09-23
Description (Chinese)
DNN(又名DotNetNuke)是美国DNN公司的一套由微软支持、基于ASP.NET平台的开源内容管理系统(CMS)。该系统具有易于安装、可扩展、功能丰富等特点。 DNN 10.1.0之前版本存在跨站脚本漏洞,该漏洞源于管理员和内容编辑者可在模块标题中设置包含javascript的html,可能导致跨站脚本攻击。
Description (English)
DNN (also known as DotNetNuke) is an open-source content management system (CMS) supported by Microsoft and based on the ASP.NET platform by United States DNN. The system has features that are easy to install, scalable and functional. The pre-DNN 10.1.0 version has a cross-site script loophole, which stems from the fact that administrators and content editors can set html with javascript in the module title, which may result in cross-site script attacks.
Hazard Level
Critical
Vulnerability Type
跨站脚本
Affected Vendor
dnsmasq
Published
2025-09-23
Last Modified
2026-02-24
References
https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-gj8m-5492-q98h https://access.redhat.com/security/cve/cve-2025-59546
Patch
https://github.com/dnnsoftware/Dnn.Platform/releases/tag/v10.1.0
Share on: