Moderate severityNVD Advisory· Published May 23, 2025· Updated May 23, 2025

Dnn.Platform vulnerable to Reflected Cross-Site Scripting (XSS) in module actions in edit mode

CVE-2025-48377

Description

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 9.13.9, a specially crafted URL may be constructed which can inject an XSS payload that is triggered by using some module actions. Version 9.13.9 fixes the issue.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
DotNetNuke.WebNuGet	< 9.13.9	9.13.9
DotNetNuke.CoreNuGet	< 9.13.9	9.13.9

Affected products

Dnnsoftware/Dnn.platformv5
Range: < 9.13.9

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/advisories/GHSA-79m3-rvx2-3qq9ghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2025-48377ghsaADVISORY
github.com/dnnsoftware/Dnn.Platform/commit/351b166492ad4b6509c273dc83211d52238e31a7ghsax_refsource_MISCWEB
github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-79m3-rvx2-3qq9ghsax_refsource_CONFIRMWEB

News mentions

No linked articles in our index yet.

cvss	0.260
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000