CNNVD-202510-3768 Information

CNNVD ID

CNNVD-202510-3768

Related CVE

CVE-2025-64094

• CNNVD Published: 2025-10-28

Description (Chinese)

DNN（又名DotNetNuke）是美国DNN公司的一套由微软支持、基于ASP.NET平台的开源内容管理系统（CMS）。该系统具有易于安装、可扩展、功能丰富等特点。 DNN 10.1.1之前版本存在跨站脚本漏洞，该漏洞源于SVG文件上传内容清理不完整，可能导致跨站脚本攻击。

Description (English)

DNN (also known as DotNetNuke) is an open-source content management system (CMS) supported by Microsoft and based on the ASP.NET platform by United States DNN. The system has features that are easy to install, scalable and functional. The previous version of DNN 10.1.1 had a cross-site script loophole, which stemmed from incomplete uploading of SVG documents and could lead to cross-site script attacks.

Hazard Level

High

Vulnerability Type

跨站脚本

Published

2025-10-28

Last Modified

2026-02-24

References

https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-hmvq-8p83-cq52 https://access.redhat.com/security/cve/cve-2025-64094

Patch

https://www.dnnsoftware.com/