CNNVD-202601-4626 Information
CNNVD ID
CNNVD-202601-4626
Related CVE
- CNNVD Published: 2026-01-28
Description (Chinese)
DNN(又名DotNetNuke)是美国DNN公司的一套由微软支持、基于ASP.NET平台的开源内容管理系统(CMS)。该系统具有易于安装、可扩展、功能丰富等特点。 DNN 9.0.0至9.13.10之前版本和10.2.0之前版本存在跨站脚本漏洞,该漏洞源于内容编辑器可在模块页眉/页脚中注入脚本,可能导致脚本在其他用户环境中运行。
Description (English)
DNN (also known as DotNetNuke) is an open-source content management system (CMS) supported by Microsoft and based on the ASP.NET platform by United States DNN. The system has features that are easy to install, scalable and functional. DNN 9.0.0 to 9.13.10 and 10.2.0 have a cross-site script loophole, which stems from the fact that the content editor can inject scripts into the module header/footer, which may lead to scripts operating in other user environments.
Hazard Level
High
Vulnerability Type
跨站脚本
Affected Vendor
DNN
Published
2026-01-28
Last Modified
2026-02-24
References
https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-jjwg-4948-6wxp
Patch
https://github.com/dnnsoftware/Dnn.Platform/releases
Share on: