XSS Vulnerability in DNN Web Content Management Platform
CVE-2025-59539

6.3MEDIUM

Key Information:

Vendor: Dnnsoftware
Status: Dnn.platform
Vendor: CVE Published:; 23 September 2025

🔔 Create Dnnsoftware Vulnerability Alert

What is CVE-2025-59539?

An XSS vulnerability has been identified in the DNN (DotNetNuke) web content management system, allowing unauthorized JavaScript code execution. This risk arises when users input data into the Biography field, which can be leveraged to inject malicious scripts. The executing scripts can affect any website user viewing the profile, including those with administrative privileges. The issue was resolved with the release of version 10.1.0.

Affected Version(s)

Dnn.Platform < 10.1.0

References

https://github.com/dnnsoftware/Dnn.Platform/security/advi...

x_refsource_CONFIRM

CVSS V3.1

Score:

6.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 23, 2025
Vulnerability Reserved
Sep 17, 2025

JSON