CNNVD-202601-4621 Information

CNNVD ID

CNNVD-202601-4621

Related CVE

CVE-2026-24837

• CNNVD Published: 2026-01-28

Description (Chinese)

DNN（又名DotNetNuke）是美国DNN公司的一套由微软支持、基于ASP.NET平台的开源内容管理系统（CMS）。该系统具有易于安装、可扩展、功能丰富等特点。 DNN 9.13.10及之前版本和10.2.0及之前版本存在跨站脚本漏洞，该漏洞源于模块友好名称可能包含脚本，这些脚本在Persona Bar中的某些模块操作期间运行，可能导致跨站脚本攻击。

Description (English)

DNN (also known as DotNetNuke) is an open-source content management system (CMS) supported by Microsoft and based on the ASP.NET platform by United States DNN. The system has features that are easy to install, scalable and functional. DNN 9.13.10 There is a cross-site script loophole in previous and 10.2.0 and earlier versions, which stems from the fact that module friendly names may contain scripts that operate during the operation of some of the modules in Persona Bar and may lead to cross-site script attacks.

Hazard Level

Medium

Vulnerability Type

跨站脚本

Affected Vendor

DNN

Published

2026-01-28

Last Modified

2026-02-24

References

https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-vm5q-8qww-h238

Patch

https://github.com/dnnsoftware/Dnn.Platform/releases