Moderate severityNVD Advisory· Published Jun 21, 2025· Updated Jun 23, 2025
DNN.PLATFORM Allows Stored Cross-Site Scripting (XSS) in Activity Feed
CVE-2025-52485
Description
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. In versions 6.0.0 to before 10.0.1, DNN.PLATFORM allows a specially crafted request to inject scripts in the Activity Feed Attachments endpoint which will then render in the feed. This issue has been patched in version 10.0.1.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
DNN.PLATFORMNuGet | >= 6.0.0, < 10.0.1 | 10.0.1 |
Affected products
2- Range: >= 6.0.0, < 10.0.1
Patches
Vulnerability mechanics
References
3- github.com/advisories/GHSA-wwc9-wmm3-2pmfghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2025-52485ghsaADVISORY
- github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-wwc9-wmm3-2pmfghsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.