Critical severity · OSV Advisory · Published Jan 27, 2026 · Updated Jan 28, 2026
DotNetNuke.Core Vulnerable to Stored XSS via Module Title
CVE-2026-24838
Description
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to versions 9.13.10 and 10.2.0, the module title supports rich text, which could include scripts that would execute in certain scenarios. Versions 9.13.10 and 10.2.0 contain a fix for the issue.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| DotNetNuke.Core (NuGet) | < 9.13.10 | 9.13.10 |
| DotNetNuke.Core (NuGet) | >= 10.0.0, < 10.2.0 | 10.2.0 |
Affected products
- Range: v10.0.0, v10.0.1, v10.1.0, …
References
- github.com/advisories/GHSA-w9pf-h6m6-v89h (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2026-24838 (ghsa, ADVISORY)
- github.com/dnnsoftware/Dnn.Platform/commit/4a4bcbcdf3cedbf702816f8168c4d51bf688f7f6 (ghsa, WEB)
- github.com/dnnsoftware/Dnn.Platform/releases/tag/v10.2.0 (ghsa, WEB)
- github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-w9pf-h6m6-v89h (ghsa, x_refsource_CONFIRM, WEB)