CVE-2025-52486 – dnn.platform
Package
Manager: nuget
Name: dnn.platform
Vulnerable Version: >=6.0.0 <10.0.1
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N/E:U/RL:O/RC:C
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
EPSS: 0.0007 (percentile: 0.22129)
Details
DNN.PLATFORM Allows Reflected Cross-Site Scripting (XSS) in some TokenReplace situations with SkinObjects
In DNN.PLATFORM, specially crafted content in URLs could be used with TokenReplace and not be properly sanitized by some SkinObjects. This vulnerability is fixed in 10.0.1.
Metadata
Created: 2025-06-20T14:56:53Z
Modified: 2025-06-27T22:51:29Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/06/GHSA-pf4h-vrv6-cmvr/GHSA-pf4h-vrv6-cmvr.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-pf4h-vrv6-cmvr
Finding: F008
Auto approve: 1