Unrated severityNVD Advisory· Published Sep 23, 2025· Updated Sep 23, 2025

DNN Vulnerable to Reflected Cross-Site Scripting (XSS) in CKEditor File Browser

CVE-2025-59548

Description

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.1.0, specially crafted URLs to the FileBrowser are vulnerable to javascript injection, affecting any unsuspecting user clicking such link. This issue has been patched in version 10.1.0.

Affected products

Dnnsoftware/Dnn.platformv5
Range: < 10.1.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-5fj9-542v-w4rqmitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000