CRITICALCVE-2026-24838Published 2026-01-27Modified 2026-01-28CNA GitHub_M

CVE-2026-24838: DotNetNuke.Core Vulnerable to Stored XSS via Module Title

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to versions 9.13.10 and 10.2.0, module title supports richtext which could include scripts that would execute in certain scenarios. Versions 9.13.10 and 10.2.0 contain a fix for the issue.

CVSS v3.1: 9.1
Severity: CRITICAL
Fixed in: —
Affected Products: 1

Affected packages

dnnsoftware / Dnn.Platform
< 9.13.10 · >= 10.0.0, < 10.2.0

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

References

https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-w9pf-h6m6-v89h

Metrics