Moderate severityNVD Advisory· Published May 23, 2025· Updated May 23, 2025
Dnn.Platform vulnerable to Reflected Cross-Site Scripting (XSS) in module actions in edit mode
CVE-2025-48377
Description
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 9.13.9, a specially crafted URL may be constructed which can inject an XSS payload that is triggered by using some module actions. Version 9.13.9 fixes the issue.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
DotNetNuke.WebNuGet | < 9.13.9 | 9.13.9 |
DotNetNuke.CoreNuGet | < 9.13.9 | 9.13.9 |
Affected products
3- ghsa-coords2 versions
< 9.13.9+ 1 more
- (no CPE)range: < 9.13.9
- (no CPE)range: < 9.13.9
- Range: < 9.13.9
Patches
Vulnerability mechanics
References
4- github.com/advisories/GHSA-79m3-rvx2-3qq9ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2025-48377ghsaADVISORY
- github.com/dnnsoftware/Dnn.Platform/commit/351b166492ad4b6509c273dc83211d52238e31a7ghsax_refsource_MISCWEB
- github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-79m3-rvx2-3qq9ghsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.