{"url":"http://public2.vulnerablecode.io/api/packages/570146?format=json","purl":"pkg:nuget/DotNetNuke.Core@9.9.0","type":"nuget","namespace":"","name":"DotNetNuke.Core","version":"9.9.0","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"10.2.2","latest_non_vulnerable_version":"10.2.2","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/101125?format=json","vulnerability_id":"VCID-2d1y-21mg-9kdx","summary":"DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.1.0, administrators and content editors can set html in module titles that could include javascript which could be used for XSS based attacks. This issue has been patched in version 10.1.0.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-59546","reference_id":"","reference_type":"","scores":[{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11849","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11765","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-59546"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform","reference_id":"","reference_type":"","scores":[{"value":"2.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dnnsoftware/Dnn.Platform"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-59546","reference_id":"","reference_type":"","scores":[{"value":"2.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-59546"},{"reference_url":"https://github.com/advisories/GHSA-gj8m-5492-q98h","re
ference_id":"GHSA-gj8m-5492-q98h","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-gj8m-5492-q98h"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-gj8m-5492-q98h","reference_id":"GHSA-gj8m-5492-q98h","reference_type":"","scores":[{"value":"2.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-23T18:30:03Z/"}],"url":"https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-gj8m-5492-q98h"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/376615?format=json","purl":"pkg:nuget/DotNetNuke.Core@10.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6227-44sm-nkbb"},{"vulnerability":"VCID-axxm-bb71-33dj"},{"vulnerability":"VCID-fyxq-vtfm-s3ec"},{"vulnerability":"VCID-k89y-aedv-uugd"},{"vulnerability":"VCID-kwns-m3j3-8kb7"},{"vulnerability":"VCID-q7dx-jb8e-wua4"},{"vulnerability":"VCID-smd5-xy65-jufc"},{"vulnerability":"VCID-wau9-knn5-vqbp"},{"vulnerability":"VCID-z9tg-26ja-c7hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@10.1.0"}],"aliases":["CVE-2025-59546","GHSA-gj8m-5492-q98h"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2d1y-21mg-9kdx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/117967?format=json","vulnerability_id":"VCID-4wd1-t7cm-9yd2","summary":"DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. 
Prior to version 9.13.9, uploaded SVG files could contain scripts and if rendered inline those scripts could run allowing XSS attacks. Version 9.13.9 fixes the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-48378","reference_id":"","reference_type":"","scores":[{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17817","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17657","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-48378"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dnnsoftware/Dnn.Platform"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-48378","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-48378"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform/commit/cfed83c291d5e5072b2fa70924a8b7c35b1cdf9e","reference_id":"cfed83c291d5e5072b2fa70924a8b7c35b1cdf9e","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-23T16:00:53Z/"}],"url":"https://github.com/dnnsoftware/Dnn.Platform/commit/cfed83c291d5e5072b2fa70924a8b7c35b1cdf9e"},{"reference_url":"https://github.com/
advisories/GHSA-m4hf-fxcg-cp34","reference_id":"GHSA-m4hf-fxcg-cp34","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-m4hf-fxcg-cp34"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-m4hf-fxcg-cp34","reference_id":"GHSA-m4hf-fxcg-cp34","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-23T16:00:53Z/"}],"url":"https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-m4hf-fxcg-cp34"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/38328?format=json","purl":"pkg:nuget/DotNetNuke.Core@9.13.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2d1y-21mg-9kdx"},{"vulnerability":"VCID-6227-44sm-nkbb"},{"vulnerability":"VCID-as6z-jr8m-6kbm"},{"vulnerability":"VCID-axxm-bb71-33dj"},{"vulnerability":"VCID-c87b-2p6c-xqh8"},{"vulnerability":"VCID-epah-7729-rqba"},{"vulnerability":"VCID-fyxq-vtfm-s3ec"},{"vulnerability":"VCID-k89y-aedv-uugd"},{"vulnerability":"VCID-kwns-m3j3-8kb7"},{"vulnerability":"VCID-q7dx-jb8e-wua4"},{"vulnerability":"VCID-smd5-xy65-jufc"},{"vulnerability":"VCID-trdq-rcjg-s7gy"},{"vulnerability":"VCID-wau9-knn5-vqbp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.13.9"}],"aliases":["CVE-2025-48378","GHSA-m4hf-fxcg-cp34"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4wd1-t7cm-9yd2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/82764?format=json","vulnerability_id":"VCID-6227-44sm-nkbb","summary":"DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. 
Starting in version 9.0.0 and prior to versions 9.13.10 and 10.2.0, extensions could write richtext in log notes which can include scripts that would run in the PersonaBar when displayed. Versions 9.13.10 and 10.2.0 contain a fix for the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-24836","reference_id":"","reference_type":"","scores":[{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04175","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04163","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-24836"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dnnsoftware/Dnn.Platform"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24836","reference_id":"CVE-2026-24836","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24836"},{"reference_url":"https://github.com/advisories/GHSA-2g5g-hcgh-q3rp","reference_id":"GHSA-2g5g-hcgh-q3rp","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2g5g-hcgh-q3rp"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-2g5g-hcgh-q3rp","reference_id":"GHSA-2g5g-hcgh-q3rp","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H"},{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS
:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-28T21:04:00Z/"}],"url":"https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-2g5g-hcgh-q3rp"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/38325?format=json","purl":"pkg:nuget/DotNetNuke.Core@10.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-axxm-bb71-33dj"},{"vulnerability":"VCID-kwns-m3j3-8kb7"},{"vulnerability":"VCID-q7dx-jb8e-wua4"},{"vulnerability":"VCID-z9tg-26ja-c7hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@10.2.0"}],"aliases":["CVE-2026-24836","GHSA-2g5g-hcgh-q3rp"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6227-44sm-nkbb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/343448?format=json","vulnerability_id":"VCID-76dr-n4fx-nud6","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-40186","reference_id":"","reference_type":"","scores":[{"value":"0.00311","scoring_system":"epss","scoring_elements":"0.54749","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00311","scoring_system":"epss","scoring_elements":"0.54872","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-40186"},{"reference_url":"https://appcheck-ng.com/dnn-cms-server-side-request-forgery-cve-2021-40186","reference_id":"","reference_type":"","scores":[],"url":"https://appcheck-ng.com/dnn-cms-server-side-request-forgery-cve-2021-40186"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-40186","reference_id":"CVE-2021-40186","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail
/CVE-2021-40186"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/400849?format=json","purl":"pkg:nuget/DotNetNuke.Core@9.13.0-ci0000","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2d1y-21mg-9kdx"},{"vulnerability":"VCID-4wd1-t7cm-9yd2"},{"vulnerability":"VCID-6227-44sm-nkbb"},{"vulnerability":"VCID-as6z-jr8m-6kbm"},{"vulnerability":"VCID-axxm-bb71-33dj"},{"vulnerability":"VCID-c87b-2p6c-xqh8"},{"vulnerability":"VCID-epah-7729-rqba"},{"vulnerability":"VCID-f55k-m678-vbfr"},{"vulnerability":"VCID-fyxq-vtfm-s3ec"},{"vulnerability":"VCID-k89y-aedv-uugd"},{"vulnerability":"VCID-kwns-m3j3-8kb7"},{"vulnerability":"VCID-q3he-ta5n-hkec"},{"vulnerability":"VCID-q7dx-jb8e-wua4"},{"vulnerability":"VCID-smd5-xy65-jufc"},{"vulnerability":"VCID-trdq-rcjg-s7gy"},{"vulnerability":"VCID-wau9-knn5-vqbp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.13.0-ci0000"}],"aliases":["CVE-2021-40186"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-76dr-n4fx-nud6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/100676?format=json","vulnerability_id":"VCID-as6z-jr8m-6kbm","summary":"DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.1.0, DNN’s URL/path handling and template rendering can allow specially crafted input to be reflected into a user profile that is returned to the browser. In these cases, the application does not sufficiently neutralize or encode characters that are meaningful in HTML, so an attacker can cause a victim’s browser to interpret attacker-controlled content as part of the page’s HTML. 
This issue has been patched in version 10.1.0.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-59821","reference_id":"","reference_type":"","scores":[{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.1504","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14918","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-59821"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dnnsoftware/Dnn.Platform"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-59821","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-59821"},{"reference_url":"https://github.com/advisories/GHSA-jc4g-c8ww-5738","reference_id":"GHSA-jc4g-c8ww-5738","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jc4g-c8ww-5738"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-jc4g-c8ww-5738","reference_id":"GHSA-jc4g-c8ww-5738","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-23T18:29:53Z
/"}],"url":"https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-jc4g-c8ww-5738"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/376615?format=json","purl":"pkg:nuget/DotNetNuke.Core@10.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6227-44sm-nkbb"},{"vulnerability":"VCID-axxm-bb71-33dj"},{"vulnerability":"VCID-fyxq-vtfm-s3ec"},{"vulnerability":"VCID-k89y-aedv-uugd"},{"vulnerability":"VCID-kwns-m3j3-8kb7"},{"vulnerability":"VCID-q7dx-jb8e-wua4"},{"vulnerability":"VCID-smd5-xy65-jufc"},{"vulnerability":"VCID-wau9-knn5-vqbp"},{"vulnerability":"VCID-z9tg-26ja-c7hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@10.1.0"}],"aliases":["CVE-2025-59821","GHSA-jc4g-c8ww-5738"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-as6z-jr8m-6kbm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/84334?format=json","vulnerability_id":"VCID-axxm-bb71-33dj","summary":"DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.2.2, a user could upload a specially crafted SVG file that could include scripts that can target both authenticated and unauthenticated DNN users. The impact is increased if the scripts are run by a power user. 
Version 10.2.2 patches the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-40321","reference_id":"","reference_type":"","scores":[{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.06131","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.06153","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-40321"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dnnsoftware/Dnn.Platform"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-40321","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-40321"},{"reference_url":"https://github.com/advisories/GHSA-ffq7-898w-9jc4","reference_id":"GHSA-ffq7-898w-9jc4","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-ffq7-898w-9jc4"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-ffq7-898w-9jc4","reference_id":"GHSA-ffq7-898w-9jc4","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssv
c","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-20T16:00:34Z/"}],"url":"https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-ffq7-898w-9jc4"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform/releases/tag/v10.2.2","reference_id":"v10.2.2","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-20T16:00:34Z/"}],"url":"https://github.com/dnnsoftware/Dnn.Platform/releases/tag/v10.2.2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373520?format=json","purl":"pkg:nuget/DotNetNuke.Core@10.2.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@10.2.2"}],"aliases":["CVE-2026-40321","GHSA-ffq7-898w-9jc4"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-axxm-bb71-33dj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/100961?format=json","vulnerability_id":"VCID-c87b-2p6c-xqh8","summary":"DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.1.0, when embedding information in the Biography field, even if that field is not rich-text, users could inject javascript code that would run in the context of the website and to any other user that can view the profile including administrators and/or superusers. 
This issue has been patched in version 10.1.0.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-59539","reference_id":"","reference_type":"","scores":[{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.13003","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12908","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-59539"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dnnsoftware/Dnn.Platform"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-59539","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-59539"},{"reference_url":"https://github.com/advisories/GHSA-7rcc-q6rq-jpcm","reference_id":"GHSA-7rcc-q6rq-jpcm","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-7rcc-q6rq-jpcm"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-7rcc-q6rq-jpcm","reference_id":"GHSA-7rcc-q6rq-jpcm","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-23T18:30:23Z/"}],"url":"https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-7rcc-q6rq-jpcm"}],"fixed_packages":[{"url":"http://public2.vulner
ablecode.io/api/packages/376615?format=json","purl":"pkg:nuget/DotNetNuke.Core@10.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6227-44sm-nkbb"},{"vulnerability":"VCID-axxm-bb71-33dj"},{"vulnerability":"VCID-fyxq-vtfm-s3ec"},{"vulnerability":"VCID-k89y-aedv-uugd"},{"vulnerability":"VCID-kwns-m3j3-8kb7"},{"vulnerability":"VCID-q7dx-jb8e-wua4"},{"vulnerability":"VCID-smd5-xy65-jufc"},{"vulnerability":"VCID-wau9-knn5-vqbp"},{"vulnerability":"VCID-z9tg-26ja-c7hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@10.1.0"}],"aliases":["CVE-2025-59539","GHSA-7rcc-q6rq-jpcm"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c87b-2p6c-xqh8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/173030?format=json","vulnerability_id":"VCID-eaz6-q3m7-4bep","summary":"An arbitrary file upload vulnerability in the Digital Assets Manager module of DNN Corp DotNetNuke v7.0.0 to v9.10.2 allows attackers to execute arbitrary code via a crafted SVG 
file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-47053","reference_id":"","reference_type":"","scores":[{"value":"0.00738","scoring_system":"epss","scoring_elements":"0.7331","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00738","scoring_system":"epss","scoring_elements":"0.73387","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-47053"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-47053","reference_id":"CVE-2022-47053","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-47053"},{"reference_url":"https://www.dnnsoftware.com/community/security/security-center","reference_id":"security-center","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T16:43:29Z/"}],"url":"https://www.dnnsoftware.com/community/security/security-center"},{"reference_url":"https://www.dnnsoftware.com/community/security/security-center#:~:text=XSS%20in%20Digital%20Asset%20Manager","reference_id":"security-center#:~:text=XSS%20in%20Digital%20Asset%20Manager","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T16:43:29Z/"}],"url":"https://www.dnnsoftware.com/community/security/security-center#:~:text=XSS%20in%20Digital%20Asset%20Manager"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/27208?format=json","purl":"pkg:nuget/DotNetNuke.Core@9.11.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2d1y-21mg-9kdx"},{"vulnerability":"VCID-4wd1-t7cm-9yd2"},{"vulnerability":"VCID-6227-44sm-nkbb"},{"vulnerability":"VCID-as6z-jr8m-6kbm"},{"vulner
ability":"VCID-axxm-bb71-33dj"},{"vulnerability":"VCID-c87b-2p6c-xqh8"},{"vulnerability":"VCID-epah-7729-rqba"},{"vulnerability":"VCID-f55k-m678-vbfr"},{"vulnerability":"VCID-fyxq-vtfm-s3ec"},{"vulnerability":"VCID-k89y-aedv-uugd"},{"vulnerability":"VCID-kwns-m3j3-8kb7"},{"vulnerability":"VCID-q3he-ta5n-hkec"},{"vulnerability":"VCID-q7dx-jb8e-wua4"},{"vulnerability":"VCID-smd5-xy65-jufc"},{"vulnerability":"VCID-trdq-rcjg-s7gy"},{"vulnerability":"VCID-wau9-knn5-vqbp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.11.0"}],"aliases":["CVE-2022-47053"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-eaz6-q3m7-4bep"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/101057?format=json","vulnerability_id":"VCID-epah-7729-rqba","summary":"DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.1.0, the Prompt module allows execution of commands that can return raw HTML. Malicious input, even if sanitized for display elsewhere, can be executed when processed through certain commands, leading to potential script execution (XSS). 
This issue has been patched in version 10.1.0.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-59545","reference_id":"","reference_type":"","scores":[{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.27062","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.2686","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-59545"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform","reference_id":"","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dnnsoftware/Dnn.Platform"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-59545","reference_id":"","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-59545"},{"reference_url":"https://github.com/advisories/GHSA-2qxc-mf4x-wr29","reference_id":"GHSA-2qxc-mf4x-wr29","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2qxc-mf4x-wr29"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-2qxc-mf4x-wr29","reference_id":"GHSA-2qxc-mf4x-wr29","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"valu
e":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-23T18:30:12Z/"}],"url":"https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-2qxc-mf4x-wr29"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/376615?format=json","purl":"pkg:nuget/DotNetNuke.Core@10.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6227-44sm-nkbb"},{"vulnerability":"VCID-axxm-bb71-33dj"},{"vulnerability":"VCID-fyxq-vtfm-s3ec"},{"vulnerability":"VCID-k89y-aedv-uugd"},{"vulnerability":"VCID-kwns-m3j3-8kb7"},{"vulnerability":"VCID-q7dx-jb8e-wua4"},{"vulnerability":"VCID-smd5-xy65-jufc"},{"vulnerability":"VCID-wau9-knn5-vqbp"},{"vulnerability":"VCID-z9tg-26ja-c7hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@10.1.0"}],"aliases":["CVE-2025-59545","GHSA-2qxc-mf4x-wr29"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-epah-7729-rqba"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/118496?format=json","vulnerability_id":"VCID-f55k-m678-vbfr","summary":"DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 9.13.9, a specially crafted URL may be constructed which can inject an XSS payload that is triggered by using some module actions. 
Version 9.13.9 fixes the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-48377","reference_id":"","reference_type":"","scores":[{"value":"0.00141","scoring_system":"epss","scoring_elements":"0.34174","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00141","scoring_system":"epss","scoring_elements":"0.33998","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-48377"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform","reference_id":"","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dnnsoftware/Dnn.Platform"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-48377","reference_id":"","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-48377"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform/commit/351b166492ad4b6509c273dc83211d52238e31a7","reference_id":"351b166492ad4b6509c273dc83211d52238e31a7","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-23T15:51:04Z/"}],"url":"https://github.com/dnnsoftware/Dnn.Platform/commit/351b166492ad4b6509c273dc83211d52238e31a7"},{"reference_url":"https://github.com/advisories
/GHSA-79m3-rvx2-3qq9","reference_id":"GHSA-79m3-rvx2-3qq9","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-79m3-rvx2-3qq9"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-79m3-rvx2-3qq9","reference_id":"GHSA-79m3-rvx2-3qq9","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-23T15:51:04Z/"}],"url":"https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-79m3-rvx2-3qq9"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/38328?format=json","purl":"pkg:nuget/DotNetNuke.Core@9.13.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2d1y-21mg-9kdx"},{"vulnerability":"VCID-6227-44sm-nkbb"},{"vulnerability":"VCID-as6z-jr8m-6kbm"},{"vulnerability":"VCID-axxm-bb71-33dj"},{"vulnerability":"VCID-c87b-2p6c-xqh8"},{"vulnerability":"VCID-epah-7729-rqba"},{"vulnerability":"VCID-fyxq-vtfm-s3ec"},{"vulnerability":"VCID-k89y-aedv-uugd"},{"vulnerability":"VCID-kwns-m3j3-8kb7"},{"vulnerability":"VCID-q7dx-jb8e-wua4"},{"vulnerability":"VCID-smd5-xy65-jufc"},{"vulnerability":"VCID-trdq-rcjg-s7gy"},{"vulnerability":"VCID-wau9-knn5-vqbp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.13.9"}],"aliases":["CVE-2025-48377","GHSA-79m3-rvx2-3qq9"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f55k-m678-vbfr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/82686?format=json","vulnerability_id":"VCID-fyxq-vtfm-s3ec","summary":
"DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to versions 9.13.10 and 10.2.0, the module title supported rich text, which could include scripts that would execute in certain scenarios. Versions 9.13.10 and 10.2.0 contain a fix for the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-24838","reference_id":"","reference_type":"","scores":[{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17641","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17479","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-24838"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dnnsoftware/Dnn.Platform"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform/commit/4a4bcbcdf3cedbf702816f8168c4d51bf688f7f6","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dnnsoftware/Dnn.Platform/commit/4a4bcbcdf3cedbf702816f8168c4d51bf688f7f6"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform/releases/tag/v10.2.0","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dnnsoftware/Dnn.Platform/releases/tag/v10.2.0"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24838","refere
nce_id":"CVE-2026-24838","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24838"},{"reference_url":"https://github.com/advisories/GHSA-w9pf-h6m6-v89h","reference_id":"GHSA-w9pf-h6m6-v89h","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-w9pf-h6m6-v89h"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-w9pf-h6m6-v89h","reference_id":"GHSA-w9pf-h6m6-v89h","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-28T15:03:11Z/"}],"url":"https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-w9pf-h6m6-v89h"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/38322?format=json","purl":"pkg:nuget/DotNetNuke.Core@9.13.10","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.13.10"},{"url":"http://public2.vulnerablecode.io/api/packages/38325?format=json","purl":"pkg:nuget/DotNetNuke.Core@10.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-axxm-bb71-33dj"},{"vulnerability":"VCID-kwns-m3j3-8kb7"},{"vulnerability":"VCID-q7dx-jb8e-wua4"},{"vulnerability":"VCID-z9tg-26ja-c7hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@10.2.0"}],"aliases":["CVE-2026-24838","GHSA-w9pf-h6m6-v89h"],"risk_score":4.5,"exploita
bility":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fyxq-vtfm-s3ec"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/174477?format=json","vulnerability_id":"VCID-gkac-w1q4-wfgw","summary":"Relative Path Traversal in GitHub repository dnnsoftware/dnn.platform prior to 9.11.0.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2922","reference_id":"","reference_type":"","scores":[{"value":"0.00453","scoring_system":"epss","scoring_elements":"0.64193","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00453","scoring_system":"epss","scoring_elements":"0.64296","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2922"},{"reference_url":"https://github.com/dnnsoftware/dnn.platform","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dnnsoftware/dnn.platform"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform/commit/3697c5344cef8d49214230f0cc2efcd9e93a00a8","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dnnsoftware/Dnn.Platform/commit/3697c5344cef8d49214230f0cc2efcd9e93a00a8"},{"reference_url":"https://huntr.dev/bounties/74918f40-dc11-4218-abef-064eb71a0703","reference_id":"74918f40-dc11-4218-abef-064eb71a0703","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_
textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-20T16:03:27Z/"}],"url":"https://huntr.dev/bounties/74918f40-dc11-4218-abef-064eb71a0703"},{"reference_url":"https://github.com/dnnsoftware/dnn.platform/commit/9b17351592fbde376506ba6705dbcc7a74a2a195","reference_id":"9b17351592fbde376506ba6705dbcc7a74a2a195","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-20T16:03:27Z/"}],"url":"https://github.com/dnnsoftware/dnn.platform/commit/9b17351592fbde376506ba6705dbcc7a74a2a195"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-2922","reference_id":"CVE-2022-2922","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-2922"},{"reference_url":"https://github.com/advisories/GHSA-9w72-2f23-57gm","reference_id":"GHSA-9w72-2f23-57gm","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9w72-2f23-57gm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/27208?format=json","purl":"pkg:nuget/DotNetNuke.Core@9.11.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2d1y-21mg-9kdx"},{"vulnerability":"VCID-4wd1-t7cm-9yd2"},{"vulnerability":"VCID-6227-44sm-nkbb"},{"vulnerability":"VCID-as6z-jr8m-6kbm"},{"vulnerability":"VCID-axxm-bb71-33dj"},{"vulnerability":"VCID-c87b-2
p6c-xqh8"},{"vulnerability":"VCID-epah-7729-rqba"},{"vulnerability":"VCID-f55k-m678-vbfr"},{"vulnerability":"VCID-fyxq-vtfm-s3ec"},{"vulnerability":"VCID-k89y-aedv-uugd"},{"vulnerability":"VCID-kwns-m3j3-8kb7"},{"vulnerability":"VCID-q3he-ta5n-hkec"},{"vulnerability":"VCID-q7dx-jb8e-wua4"},{"vulnerability":"VCID-smd5-xy65-jufc"},{"vulnerability":"VCID-trdq-rcjg-s7gy"},{"vulnerability":"VCID-wau9-knn5-vqbp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.11.0"}],"aliases":["CVE-2022-2922","GHSA-9w72-2f23-57gm"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gkac-w1q4-wfgw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/82832?format=json","vulnerability_id":"VCID-k89y-aedv-uugd","summary":"DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Starting in version 9.0.0 and prior to versions 9.13.10 and 10.2.0, a module friendly name could include scripts that will run during some module operations in the Persona Bar. 
Versions 9.13.10 and 10.2.0 contain a fix for the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-24837","reference_id":"","reference_type":"","scores":[{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04175","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04163","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-24837"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dnnsoftware/Dnn.Platform"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24837","reference_id":"CVE-2026-24837","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24837"},{"reference_url":"https://github.com/advisories/GHSA-vm5q-8qww-h238","reference_id":"GHSA-vm5q-8qww-h238","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vm5q-8qww-h238"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-vm5q-8qww-h238","reference_id":"GHSA-vm5q-8qww-h238","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H"},{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{
"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-28T21:02:52Z/"}],"url":"https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-vm5q-8qww-h238"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/38325?format=json","purl":"pkg:nuget/DotNetNuke.Core@10.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-axxm-bb71-33dj"},{"vulnerability":"VCID-kwns-m3j3-8kb7"},{"vulnerability":"VCID-q7dx-jb8e-wua4"},{"vulnerability":"VCID-z9tg-26ja-c7hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@10.2.0"}],"aliases":["CVE-2026-24837","GHSA-vm5q-8qww-h238"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k89y-aedv-uugd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/84164?format=json","vulnerability_id":"VCID-kwns-m3j3-8kb7","summary":"DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Starting in version 6.0.0 and prior to version 10.2.2, in the friends feature, a user could craft a request that would force the acceptance of a friend request on another user. 
Version 10.2.2 patches the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-40305","reference_id":"","reference_type":"","scores":[{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10514","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.1057","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-40305"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dnnsoftware/Dnn.Platform"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-40305","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-40305"},{"reference_url":"https://github.com/advisories/GHSA-fpj4-9qhx-5m6m","reference_id":"GHSA-fpj4-9qhx-5m6m","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fpj4-9qhx-5m6m"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-fpj4-9qhx-5m6m","reference_id":"GHSA-fpj4-9qhx-5m6m","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-20T13:22:45Z/"}],"url":"h
ttps://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-fpj4-9qhx-5m6m"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform/releases/tag/v10.2.2","reference_id":"v10.2.2","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-20T13:22:45Z/"}],"url":"https://github.com/dnnsoftware/Dnn.Platform/releases/tag/v10.2.2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373520?format=json","purl":"pkg:nuget/DotNetNuke.Core@10.2.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@10.2.2"}],"aliases":["CVE-2026-40305","GHSA-fpj4-9qhx-5m6m"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kwns-m3j3-8kb7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/114577?format=json","vulnerability_id":"VCID-q3he-ta5n-hkec","summary":"DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. A bypass has been identified for the previously known vulnerability CVE-2017-0929, allowing unauthenticated attackers to execute arbitrary GET requests against target systems, including internal or adjacent networks. This vulnerability facilitates a semi-blind SSRF attack, allowing attackers to make the target server send requests to internal or external URLs without viewing the full responses. Potential impacts include internal network reconnaissance, bypassing firewalls. 
This vulnerability is fixed in 9.13.8.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-32372","reference_id":"","reference_type":"","scores":[{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.27814","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.27612","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-32372"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dnnsoftware/Dnn.Platform"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-32372","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-32372"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform/commit/4721dd9eef846936d3b1a3676499e46968d15feb","reference_id":"4721dd9eef846936d3b1a3676499e46968d15feb","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-09T15:39:52Z/"}],"url":"https://github.com/dnnsoftware/Dnn.Platform/commit/4721dd9eef846936d3b1a3676499e46968d15feb"},{"reference_url":"https://github.com/advisories/GHSA-3f7v-qx94-666m","reference_id":"GHSA-3f7v-qx94-666m","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-3f7v-qx94-666m"},{"reference_url":"h
ttps://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-3f7v-qx94-666m","reference_id":"GHSA-3f7v-qx94-666m","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-09T15:39:52Z/"}],"url":"https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-3f7v-qx94-666m"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/376256?format=json","purl":"pkg:nuget/DotNetNuke.Core@9.13.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2d1y-21mg-9kdx"},{"vulnerability":"VCID-4wd1-t7cm-9yd2"},{"vulnerability":"VCID-6227-44sm-nkbb"},{"vulnerability":"VCID-as6z-jr8m-6kbm"},{"vulnerability":"VCID-axxm-bb71-33dj"},{"vulnerability":"VCID-c87b-2p6c-xqh8"},{"vulnerability":"VCID-epah-7729-rqba"},{"vulnerability":"VCID-f55k-m678-vbfr"},{"vulnerability":"VCID-fyxq-vtfm-s3ec"},{"vulnerability":"VCID-k89y-aedv-uugd"},{"vulnerability":"VCID-kwns-m3j3-8kb7"},{"vulnerability":"VCID-q7dx-jb8e-wua4"},{"vulnerability":"VCID-smd5-xy65-jufc"},{"vulnerability":"VCID-trdq-rcjg-s7gy"},{"vulnerability":"VCID-wau9-knn5-vqbp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.13.8"}],"aliases":["CVE-2025-32372","GHSA-3f7v-qx94-666m"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q3he-ta5n-hkec"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/359949?format=json","vulnerability_id":"VCID-q7dx-jb8e-wua4","summary":"DotNetNuke.Core security code analysis rules triggered\nThe codebase raises code analysis warnings related to security, including CA3075, CA5366, CA5371, CA5368, CA5369, CA5372, CA5379, CA5350, and CA5351.\n\nMost of these deal 
with disabling DTD processing in XML documents, but also includes cryptographic algorithm choices.","references":[{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dnnsoftware/Dnn.Platform"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-fcpv-w245-r2q7","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-fcpv-w245-r2q7"},{"reference_url":"https://github.com/advisories/GHSA-fcpv-w245-r2q7","reference_id":"GHSA-fcpv-w245-r2q7","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fcpv-w245-r2q7"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373520?format=json","purl":"pkg:nuget/DotNetNuke.Core@10.2.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@10.2.2"}],"aliases":["GHSA-fcpv-w245-r2q7"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q7dx-jb8e-wua4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/90930?format=json","vulnerability_id":"VCID-smd5-xy65-jufc","summary":"DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to 10.1.1,  sanitization of the content of uploaded SVG files was not covering all possible XSS scenarios. This vulnerability exists because of an incomplete fix for CVE-2025-48378. 
This vulnerability is fixed in 10.1.1.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-64094","reference_id":"","reference_type":"","scores":[{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07536","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07571","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-64094"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform","reference_id":"","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dnnsoftware/Dnn.Platform"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-64094","reference_id":"CVE-2025-64094","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-64094"},{"reference_url":"https://github.com/advisories/GHSA-hmvq-8p83-cq52","reference_id":"GHSA-hmvq-8p83-cq52","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hmvq-8p83-cq52"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-hmvq-8p83-cq52","reference_id":"GHSA-hmvq-8p83-cq52","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-29T14
:51:54Z/"}],"url":"https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-hmvq-8p83-cq52"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/34899?format=json","purl":"pkg:nuget/DotNetNuke.Core@10.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6227-44sm-nkbb"},{"vulnerability":"VCID-axxm-bb71-33dj"},{"vulnerability":"VCID-fyxq-vtfm-s3ec"},{"vulnerability":"VCID-k89y-aedv-uugd"},{"vulnerability":"VCID-kwns-m3j3-8kb7"},{"vulnerability":"VCID-q7dx-jb8e-wua4"},{"vulnerability":"VCID-wau9-knn5-vqbp"},{"vulnerability":"VCID-z9tg-26ja-c7hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@10.1.1"}],"aliases":["CVE-2025-64094","GHSA-hmvq-8p83-cq52"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-smd5-xy65-jufc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/339688?format=json","vulnerability_id":"VCID-tfyx-ssz9-1qah","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-31858","reference_id":"","reference_type":"","scores":[{"value":"0.00234","scoring_system":"epss","scoring_elements":"0.46512","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00234","scoring_system":"epss","scoring_elements":"0.46657","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-31858"},{"reference_url":"https://labs.integrity.pt/advisories/cve-2021-31858/","reference_id":"CVE-2021-31858","reference_type":"","scores":[],"url":"https://labs.integrity.pt/advisories/cve-2021-31858/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-31858","reference_id":"CVE-2021-31858","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-31858"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/400849?format=json","purl":"pkg:nuget/DotNetNuke.Core@9.13.0-ci0000","is_vu
lnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2d1y-21mg-9kdx"},{"vulnerability":"VCID-4wd1-t7cm-9yd2"},{"vulnerability":"VCID-6227-44sm-nkbb"},{"vulnerability":"VCID-as6z-jr8m-6kbm"},{"vulnerability":"VCID-axxm-bb71-33dj"},{"vulnerability":"VCID-c87b-2p6c-xqh8"},{"vulnerability":"VCID-epah-7729-rqba"},{"vulnerability":"VCID-f55k-m678-vbfr"},{"vulnerability":"VCID-fyxq-vtfm-s3ec"},{"vulnerability":"VCID-k89y-aedv-uugd"},{"vulnerability":"VCID-kwns-m3j3-8kb7"},{"vulnerability":"VCID-q3he-ta5n-hkec"},{"vulnerability":"VCID-q7dx-jb8e-wua4"},{"vulnerability":"VCID-smd5-xy65-jufc"},{"vulnerability":"VCID-trdq-rcjg-s7gy"},{"vulnerability":"VCID-wau9-knn5-vqbp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.13.0-ci0000"}],"aliases":["CVE-2021-31858"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tfyx-ssz9-1qah"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/101151?format=json","vulnerability_id":"VCID-trdq-rcjg-s7gy","summary":"DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.1.0, arbitrary themes can be loaded through query parameters. If an installed theme had a vulnerability, even if it was not used on any page, this could be loaded on unsuspecting clients without knowledge of the site owner. 
This issue has been patched in version 10.1.0.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-59535","reference_id":"","reference_type":"","scores":[{"value":"0.00126","scoring_system":"epss","scoring_elements":"0.31369","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00126","scoring_system":"epss","scoring_elements":"0.31561","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-59535"},{"reference_url":"https://dnncommunity.org/?SkinSrc=%5BG%5Dskins%2Fxcillion%2Fhome&ContainerSrc=%5BG%5DContainers%2FXcillion%2FNoTitle","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://dnncommunity.org/?SkinSrc=%5BG%5Dskins%2Fxcillion%2Fhome&ContainerSrc=%5BG%5DContainers%2FXcillion%2FNoTitle"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dnnsoftware/Dnn.Platform"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-59535","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-59535"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform/commit/72f30f69fd2214d77f6c2577dfcca495a24caf5c","reference_id":"72f30f69fd2214d77f6c2577dfcca495a24caf5c","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":
"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-23T20:08:12Z/"}],"url":"https://github.com/dnnsoftware/Dnn.Platform/commit/72f30f69fd2214d77f6c2577dfcca495a24caf5c"},{"reference_url":"https://github.com/advisories/GHSA-wq2j-w9pm-7x2p","reference_id":"GHSA-wq2j-w9pm-7x2p","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-wq2j-w9pm-7x2p"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-wq2j-w9pm-7x2p","reference_id":"GHSA-wq2j-w9pm-7x2p","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-23T20:08:12Z/"}],"url":"https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-wq2j-w9pm-7x2p"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform/blob/develop/DNN%20Platform/Library/UI/Skins/Skin.cs#L305","reference_id":"Skin.cs#L305","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-23T20:08:12Z/"}],"url":"https://github.com/dnnsoftware/Dnn.Platform/blob/develop/DNN%20Platform/Library/UI/Skins/Skin.cs#L305"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/376615?format=json","purl":"pkg:nuget/DotNetNuke.Core@10.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6227-44sm-nkbb"},{"vulnerability":"VCID-axxm-bb71-33dj"},{"vulnerability":"VCID-fyxq-vtfm-s3ec"},{"vulnerability":"VCID-k89y-aedv
-uugd"},{"vulnerability":"VCID-kwns-m3j3-8kb7"},{"vulnerability":"VCID-q7dx-jb8e-wua4"},{"vulnerability":"VCID-smd5-xy65-jufc"},{"vulnerability":"VCID-wau9-knn5-vqbp"},{"vulnerability":"VCID-z9tg-26ja-c7hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@10.1.0"}],"aliases":["CVE-2025-59535","GHSA-wq2j-w9pm-7x2p"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-trdq-rcjg-s7gy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/82956?format=json","vulnerability_id":"VCID-wau9-knn5-vqbp","summary":"DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Starting in version 9.0.0 and prior to versions 9.13.10 and 10.2.0, a content editor could inject scripts in module headers/footers that would run for other users. Versions 9.13.10 and 10.2.0 contain a fix for the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-24784","reference_id":"","reference_type":"","scores":[{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.17344","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.1718","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-24784"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dnnsoftware/Dnn.Platform"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24784","reference_id":"CVE-2026-24784","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N"},{"value":"MODERAT
E","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24784"},{"reference_url":"https://github.com/advisories/GHSA-jjwg-4948-6wxp","reference_id":"GHSA-jjwg-4948-6wxp","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jjwg-4948-6wxp"},{"reference_url":"https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-jjwg-4948-6wxp","reference_id":"GHSA-jjwg-4948-6wxp","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-28T15:06:32Z/"}],"url":"https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-jjwg-4948-6wxp"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/38322?format=json","purl":"pkg:nuget/DotNetNuke.Core@9.13.10","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.13.10"},{"url":"http://public2.vulnerablecode.io/api/packages/38325?format=json","purl":"pkg:nuget/DotNetNuke.Core@10.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-axxm-bb71-33dj"},{"vulnerability":"VCID-kwns-m3j3-8kb7"},{"vulnerability":"VCID-q7dx-jb8e-wua4"},{"vulnerability":"VCID-z9tg-26ja-c7hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@10.2.0"}],"aliases":["CVE-2026-24784","GHSA-jjwg-4948-6wxp"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.v
ulnerablecode.io/vulnerabilities/VCID-wau9-knn5-vqbp"}],"fixing_vulnerabilities":[],"risk_score":"4.5","resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/DotNetNuke.Core@9.9.0"}