CVE-2025-59545

Source
https://cve.org/CVERecord?id=CVE-2025-59545
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-59545.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-59545
Aliases
Published
2025-09-23T17:41:30.092Z
Modified
2026-07-08T07:07:10.714405587Z
Severity
  • 9.0 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H CVSS Calculator
Summary
DNN Vulnerable to Stored Cross-Site Scripting (XSS) in the Prompt module
Details

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.1.0, the Prompt module allows execution of commands that can return raw HTML. Malicious input, even if sanitized for display elsewhere, can be executed when processed through certain commands, leading to potential script execution (XSS). This issue has been patched in version 10.1.0.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/59xxx/CVE-2025-59545.json",
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-79"
    ]
}
References

Affected packages

Git / github.com/dnnsoftware/dnn.platform

Affected ranges

Type
GIT
Repo
https://github.com/dnnsoftware/dnn.platform
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "source": [
        "AFFECTED_FIELD",
        "CPE_RANGE"
    ],
    "cpe": "cpe:2.3:a:dnnsoftware:dotnetnuke:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "10.1.0"
        }
    ]
}

Affected versions

v10.*
v10.0.0
v10.0.1
v9.*
v9.1.0
v9.10.0
v9.10.1
v9.10.2
v9.11.0
v9.11.1
v9.12.0
v9.13.0
v9.13.1
v9.13.2
v9.13.3
v9.13.4
v9.13.5
v9.13.6
v9.13.7
v9.13.8
v9.3.0-rc0
v9.3.0-rc1
v9.4.0
v9.4.0-rc0
v9.4.0-rc1
v9.4.1
v9.4.1-rc1
v9.4.2
v9.4.2-rc1
v9.4.3
v9.4.3-rc1
v9.4.4
v9.5.0
v9.5.0-rc2
v9.6.0
v9.6.1
v9.6.2
v9.7.0
v9.7.1
v9.7.2
v9.8.0
v9.8.1
v9.9.0
v9.9.1

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-59545.json"