CNNVD-202602-386 Information
Feb 03, 2026
cve
CNNVD ID
CNNVD-202602-386
Related CVE
- CNNVD Published: 2026-02-03
Description (Chinese)
DNN DotNetNuke是DNN公司的一个.NET平台的内容管理系统。 DNN DotNetNuke 9.5版本存在跨站脚本漏洞,该漏洞源于允许普通用户通过日志工具上传包含可执行脚本的恶意XML文件,可能导致跨站脚本攻击。
Description (English)
DNN DotNetNuke is a content management system for the .NET platform of DNN. Version 9.5 of DNN DotNetNuke has a cross-site script loophole, which stems from allowing ordinary users to upload malicious XML files containing enforceable scripts through the log tool, which may lead to cross-site script attacks.
Hazard Level
High
Vulnerability Type
跨站脚本
Affected Vendor
DNN
Published
2026-02-03
Last Modified
2026-02-24
References
http://dnnsoftware.com/ https://medium.com/@SajjadPourali/dnn-dotnetnuke-cms-not-as-secure-as-you-think-e8516f789175 https://www.exploit-db.com/exploits/48124 https://www.vulncheck.com/advisories/dotnetnuke-persistent-cross-site-scripting
Share on: