DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. In versions 6.0.0 to before 10.0.1, DNN.PLATFORM allows specially crafted content in URLs to be used with TokenReplace and not be properly sanitized by some SkinObjects. This issue has been patched in version 10.0.1.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Mon, 15 Sep 2025 15:45:00 +0000

Type Values Removed Values Added
First Time appeared Dnnsoftware dotnetnuke
CPEs cpe:2.3:a:dnnsoftware:dotnetnuke:*:*:*:*:*:*:*:*
Vendors & Products Dnnsoftware dotnetnuke
Metrics cvssV3_1

{'score': 6.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N'}


Mon, 23 Jun 2025 18:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Sat, 21 Jun 2025 03:00:00 +0000

Type Values Removed Values Added
Description DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. In versions 6.0.0 to before 10.0.1, DNN.PLATFORM allows specially crafted content in URLs to be used with TokenReplace and not be properly sanitized by some SkinObjects. This issue has been patched in version 10.0.1.
Title DNN.PLATFORM Allows Reflected Cross-Site Scripting (XSS) in some TokenReplace situations with SkinObjects
Weaknesses CWE-79
References
Metrics cvssV4_0

{'score': 6.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2025-06-23T17:46:16.027Z

Reserved: 2025-06-17T02:28:39.718Z

Link: CVE-2025-52486

cve-icon Vulnrichment

Updated: 2025-06-23T17:46:11.124Z

cve-icon NVD

Status : Analyzed

Published: 2025-06-21T03:15:24.507

Modified: 2025-09-15T15:40:46.907

Link: CVE-2025-52486

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2025-06-27T14:10:58Z