Moderate severityNVD Advisory· Published Jun 21, 2025· Updated Jun 23, 2025

DNN.PLATFORM Allows Stored Cross-Site Scripting (XSS) in Activity Feed

CVE-2025-52485

Description

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. In versions 6.0.0 to before 10.0.1, DNN.PLATFORM allows a specially crafted request to inject scripts in the Activity Feed Attachments endpoint which will then render in the feed. This issue has been patched in version 10.0.1.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
DNN.PLATFORMNuGet	>= 6.0.0, < 10.0.1	10.0.1

Affected products

Dnnsoftware/Dnn.platformv5
Range: >= 6.0.0, < 10.0.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/advisories/GHSA-wwc9-wmm3-2pmfghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2025-52485ghsaADVISORY
github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-wwc9-wmm3-2pmfghsax_refsource_CONFIRMWEB

News mentions

No linked articles in our index yet.

cvss	0.260
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000