CVE-2026-24833

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2026-24833

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-24833.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2026-24833

Aliases

GHSA-9r3h-mpf8-25gj

Published

2026-01-27T23:49:25.084Z

Modified

2026-03-01T02:57:30.317005Z

Severity

7.6 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H CVSS Calculator

Summary

DotNetNuke.Core Vulnerable to Stored XSS in Module Description

Details

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to versions 9.13.10 and 10.2.0, a module could install with richtext in its description field which could contain scripts that will run for user in the Persona Bar. Versions 9.13.10 and 10.2.0 contain a fix for the issue.

Database specific

{
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-79"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/24xxx/CVE-2026-24833.json"
}

References

Affected packages

Git / github.com/dnnsoftware/dnn.platform

Affected ranges

Type

GIT

Repo

https://github.com/dnnsoftware/dnn.platform

Events

Introduced

Fixed

53cdf4750477293b4e6316b4d91e1d5e43610127

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "9.13.10"
        }
    ]
}

Type

GIT

Repo

https://github.com/dnnsoftware/dnn.platform

Events

Introduced

b936bda3da68c86ffe35360410c0844c15e0695d

Fixed

1920793e65083a9a9dd37065ab1f0f00f6382ea3

Database specific

{
    "versions": [
        {
            "introduced": "10.0.0"
        },
        {
            "fixed": "10.2.0"
        }
    ]
}

Affected versions

v10.*

v10.0.0

v10.0.1

v10.0.1-rc1

v10.0.1-rc2

v10.0.1-rc3

v10.1.0

v10.1.0-rc1

v10.1.1

v10.1.1-rc1

v10.1.2

v10.1.2-rc1

v10.2.0-rc1

v10.2.0-rc2

v7.*

v7.2.1.367-stable

v7.3.2.109-stable

v9.*

v9.1.0

v9.10.0

v9.10.0-rc1

v9.10.0-rc2

v9.10.1

v9.10.1-rc1

v9.10.2

v9.10.2-rc1

v9.11.0

v9.11.0-rc1

v9.11.0-rc2

v9.11.0-rc3

v9.11.0-rc4

v9.11.0-rc5

v9.11.0-rc6

v9.11.0-rc7

v9.11.1-rc1

v9.11.1-rc2

v9.11.1-rc3

v9.11.2

v9.11.2-rc1

v9.12.0-rc1

v9.13.0-rc1

v9.13.0-rc2

v9.13.0-rc3

v9.13.2-rc1

v9.13.3-rc1

v9.13.4-rc1

v9.13.5-rc1

v9.13.6-rc1

v9.13.7-rc1

v9.13.8-rc1

v9.13.9

v9.13.9-rc1

v9.2.0

v9.2.1

v9.2.1-rc0

v9.2.1-rc1

v9.2.2

v9.2.2-rc0

v9.2.2-rc1

v9.2.2-rc2

v9.2.2-rc3

v9.3.0

v9.3.0-rc0

v9.3.0-rc1

v9.3.0-rc2

v9.3.1

v9.3.1-rc0

v9.3.2

v9.3.2-rc0

v9.4.0

v9.4.0-rc0

v9.4.0-rc1

v9.4.1

v9.4.1-rc1

v9.4.2

v9.4.2-rc1

v9.4.3

v9.4.3-rc1

v9.4.4

v9.4.4-rc1

v9.5.0

v9.5.0-rc1

v9.5.0-rc2

v9.5.1-rc1

v9.6.0

v9.6.0-rc1

v9.6.0-rc2

v9.6.0-rc3

v9.6.1

v9.6.1-rc1

v9.6.2

v9.6.2-rc1

v9.6.2-rc2

v9.6.2-rc3

v9.7.0

v9.7.0-rc1

v9.7.0-rc2

v9.7.1

v9.7.1-rc1

v9.7.2

v9.7.2-rc1

v9.8.0

v9.8.0-rc1

v9.8.0-rc2

v9.8.1

v9.8.1-rc1

v9.9.0

v9.9.0-rc1

v9.9.0-rc2

v9.9.1

v9.9.1-rc1

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-24833.json"