CVE-2026-24836

High CVSS: 7.6

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Starting in version 9.0.0 and prior to versions 9.13.10 and 10.2.0, extensions could write richtext in log notes which can include scripts that would run in the PersonaBar when displayed. Versions 9.13.10 and 10.2.0 contain a fix for the issue.

Vendor

Dnnsoftware

Product

Dotnetnuke

CWE

CWE-79

Yayın Tarihi

2026-01-28 00:15:50

Güncelleme

2026-02-04 20:11:52

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-79 Dotnetnuke HIGH Dnnsoftware 2026

Referanslar

https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-2g5g-hcgh-q3rp

Benzer Kayıtlar

Medium

CVE-2020-37103

DotNetNuke 9.5 contains a persistent cross-site scripting vulnerability that allows normal users to upload malicious XML…

Critical

CVE-2026-24838

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to v…

High

CVE-2026-24837

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Starting i…

Medium

CVE-2026-24784

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Starting i…

High

CVE-2026-24833

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to v…

Medium

CVE-2025-62802

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to 1…