XSS Vulnerability in DNN Platform Affects Administrators and Editors
CVE-2025-59546

2.4LOW

Key Information:

Vendor

Dnnsoftware

Status
Dnn.platform
Vendor
CVE Published:
23 September 2025

What is CVE-2025-59546?

An issue has been identified in the DNN Platform where prior to version 10.1.0, administrators and content editors could manipulate module titles to include untrusted HTML and JavaScript code. This vulnerability exposes the system to potential Cross-Site Scripting (XSS) attacks, enabling malicious actors to execute harmful scripts in users' browsers. This critical issue has been resolved in the 10.1.0 release, reinforcing the platform's security against such exploitation.

Affected Version(s)

Dnn.Platform < 10.1.0

References

https://github.com/dnnsoftware/Dnn.Platform/security/advi...
x_refsource_CONFIRM

CVSS V3.1

Score:
2.4
Severity:
LOW
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.
CVE-2025-59546 : XSS Vulnerability in DNN Platform Affects Administrators and Editors