CNNVD-202601-4842 Information

CNNVD ID

CNNVD-202601-4842

Related CVE

CVE-2026-24838

• CNNVD Published: 2026-01-28

Description (Chinese)

DNN（又名DotNetNuke）是美国DNN公司的一套由微软支持、基于ASP.NET平台的开源内容管理系统（CMS）。该系统具有易于安装、可扩展、功能丰富等特点。 DNN 9.13.10之前版本和10.2.0之前版本存在跨站脚本漏洞，该漏洞源于模块标题支持富文本，可能导致跨站脚本攻击。

Description (English)

DNN (also known as DotNetNuke) is an open-source content management system (CMS) supported by Microsoft and based on the ASP.NET platform by United States DNN. The system has features that are easy to install, scalable and functional. DNN 9.13.10 There is a cross-site script loophole in the pre-DNN 9.13.10 and pre-Script 10.2.0, which stems from the fact that the module title supports the rich text and may lead to cross-site script attacks.

Hazard Level

Low

Vulnerability Type

跨站脚本

Affected Vendor

DNN

Published

2026-01-28

Last Modified

2026-02-24

References

https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-w9pf-h6m6-v89h

Patch

https://github.com/dnnsoftware/Dnn.Platform/releases