CNNVD-202510-3766 Information

CNNVD ID

CNNVD-202510-3766

Related CVE

CVE-2025-64095

• CNNVD Published: 2025-10-28

Description (Chinese)

DNN（又名DotNetNuke）是美国DNN公司的一套由微软支持、基于ASP.NET平台的开源内容管理系统（CMS）。该系统具有易于安装、可扩展、功能丰富等特点。 DNN 10.1.1之前版本存在代码问题漏洞，该漏洞源于默认HTML编辑器允许未经验证的文件上传，可能导致网站篡改和跨站脚本攻击。

Description (English)

DNN (also known as DotNetNuke) is an open-source content management system (CMS) supported by Microsoft and based on the ASP.NET platform by United States DNN. The system has features that are easy to install, scalable and functional. The previous version of DNN 10.1.1 had a code problem loophole, which stemmed from the default HTML editor allowing the uploading of unverified documents, which could lead to website manipulation and cross-site script attacks.

Hazard Level

Low

Vulnerability Type

代码问题

Affected Vendor

DNN

Published

2025-10-28

Last Modified

2026-02-24

References

https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-3m8r-w7xg-jqvw https://access.redhat.com/security/cve/cve-2025-64095

Patch

https://www.dnnsoftware.com/