Moderate severityNVD Advisory· Published Sep 23, 2025· Updated Sep 23, 2025
DNN vulnerable to Reflected Cross-Site Scripting (XSS) using url to profile
CVE-2025-59821
Description
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.1.0, DNN’s URL/path handling and template rendering can allow specially crafted input to be reflected into a user profile that is returned to the browser. In these cases, the application does not sufficiently neutralize or encode characters that are meaningful in HTML, so an attacker can cause a victim’s browser to interpret attacker-controlled content as part of the page’s HTML. This issue has been patched in version 10.1.0.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
DotNetNuke.CoreNuGet | < 10.1.0 | 10.1.0 |
Affected products
1- Range: < 10.1.0
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3- github.com/advisories/GHSA-jc4g-c8ww-5738ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2025-59821ghsaADVISORY
- github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-jc4g-c8ww-5738ghsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.