VYPR
Moderate severityNVD Advisory· Published Jun 21, 2025· Updated Jun 23, 2025

DNN.PLATFORM Allows Stored Cross-Site Scripting (XSS) in Activity Feed

CVE-2025-52485

Description

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. In versions 6.0.0 to before 10.0.1, DNN.PLATFORM allows a specially crafted request to inject scripts in the Activity Feed Attachments endpoint which will then render in the feed. This issue has been patched in version 10.0.1.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
DNN.PLATFORMNuGet
>= 6.0.0, < 10.0.110.0.1

Affected products

2

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.