CNNVD-202601-4622 Information

Jan 28, 2026 cve

CNNVD ID

CNNVD-202601-4622

CVE-2026-24836

  • CNNVD Published: 2026-01-28

Description (Chinese)

DNN(又名DotNetNuke)是美国DNN公司的一套由微软支持、基于ASP.NET平台的开源内容管理系统(CMS)。该系统具有易于安装、可扩展、功能丰富等特点。 DNN 9.13.10及之前版本和10.2.0及之前版本存在跨站脚本漏洞,该漏洞源于扩展程序可在日志注释中写入富文本,其中包含的脚本可能在PersonaBar中显示时运行,可能导致跨站脚本攻击。

Description (English)

DNN (also known as DotNetNuke) is an open-source content management system (CMS) supported by Microsoft and based on the ASP.NET platform by United States DNN. The system has features that are easy to install, scalable and functional. DNN 9.13.10 There is a cross-site script loophole in previous and 10.2.0 and earlier versions, which stems from the fact that the extended program can include rich text in the log note, which contains scripts that may run when shown in Persona Bar and may lead to cross-site script attacks.

Hazard Level

Medium

Vulnerability Type

跨站脚本

Affected Vendor

DNN

Published

2026-01-28

Last Modified

2026-02-24

References

https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-2g5g-hcgh-q3rp

Patch

https://github.com/dnnsoftware/Dnn.Platform/releases

Share on: