Cross-Site Scripting Vulnerability in DNN Platform by DNN Software
CVE-2025-59821

6.5MEDIUM

Key Information:

Vendor: Dnnsoftware
Status: Dnn.platform
Vendor: CVE Published:; 23 September 2025

🔔 Create Dnnsoftware Vulnerability Alert

What is CVE-2025-59821?

DNN Platform, a widely used web content management system, suffers from a Cross-Site Scripting vulnerability due to inadequate handling of user inputs in URL/path processing and template rendering. This flaw allows attackers to inject malicious scripts into user profiles, which are then executed by unsuspecting users' browsers. As a result, attackers can manipulate the page’s HTML and potentially steal sensitive information or hijack user sessions. The vulnerability has been addressed in version 10.1.0 of DNN Platform.

Affected Version(s)

Dnn.Platform < 10.1.0

References

https://github.com/dnnsoftware/Dnn.Platform/security/advi...

x_refsource_CONFIRM

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 23, 2025
Vulnerability Reserved
Sep 22, 2025

JSON