CVE-2026-24838

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2026-24838

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-24838.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2026-24838

Aliases

GHSA-w9pf-h6m6-v89h

Published

2026-01-27T23:58:33.340Z

Modified

2026-02-05T20:47:12.189254Z

Severity

9.1 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H CVSS Calculator

Summary

DotNetNuke.Core Vulnerable to Stored XSS via Module Title

Details

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to versions 9.13.10 and 10.2.0, module title supports richtext which could include scripts that would execute in certain scenarios. Versions 9.13.10 and 10.2.0 contain a fix for the issue.

Database specific

{
    "cwe_ids": [
        "CWE-79"
    ],
    "cna_assigner": "GitHub_M",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/24xxx/CVE-2026-24838.json"
}

References

Affected packages

Git / github.com/dnnsoftware/dnn.platform

Affected ranges

Type

GIT

Repo

https://github.com/dnnsoftware/dnn.platform

Events

Introduced

Fixed

53cdf4750477293b4e6316b4d91e1d5e43610127

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "9.13.10"
        }
    ]
}

Type

GIT

Repo

https://github.com/dnnsoftware/dnn.platform

Events

Introduced

b936bda3da68c86ffe35360410c0844c15e0695d

Fixed

1920793e65083a9a9dd37065ab1f0f00f6382ea3

Database specific

{
    "versions": [
        {
            "introduced": "10.0.0"
        },
        {
            "fixed": "10.2.0"
        }
    ]
}

Affected versions

v10.*

v10.0.0

v10.0.1

v10.0.1-rc1

v10.0.1-rc2

v10.0.1-rc3

v10.1.0

v10.1.0-rc1

v10.1.1

v10.1.1-rc1

v10.1.2

v10.1.2-rc1

v10.2.0-rc1

v10.2.0-rc2

v7.*

v7.2.1.367-stable

v7.3.2.109-stable

v9.*

v9.1.0

v9.10.0

v9.10.0-rc1

v9.10.0-rc2

v9.10.1

v9.10.1-rc1

v9.10.2

v9.10.2-rc1

v9.11.0

v9.11.0-rc1

v9.11.0-rc2

v9.11.0-rc3

v9.11.0-rc4

v9.11.0-rc5

v9.11.0-rc6

v9.11.0-rc7

v9.11.1-rc1

v9.11.1-rc2

v9.11.1-rc3

v9.11.2

v9.11.2-rc1

v9.12.0-rc1

v9.13.0-rc1

v9.13.0-rc2

v9.13.0-rc3

v9.13.2-rc1

v9.13.3-rc1

v9.13.4-rc1

v9.13.5-rc1

v9.13.6-rc1

v9.13.7-rc1

v9.13.8-rc1

v9.13.9

v9.13.9-rc1

v9.2.0

v9.2.1

v9.2.1-rc0

v9.2.1-rc1

v9.2.2

v9.2.2-rc0

v9.2.2-rc1

v9.2.2-rc2

v9.2.2-rc3

v9.3.0

v9.3.0-rc0

v9.3.0-rc1

v9.3.0-rc2

v9.3.1

v9.3.1-rc0

v9.3.2

v9.3.2-rc0

v9.4.0

v9.4.0-rc0

v9.4.0-rc1

v9.4.1

v9.4.1-rc1

v9.4.2

v9.4.2-rc1

v9.4.3

v9.4.3-rc1

v9.4.4

v9.4.4-rc1

v9.5.0

v9.5.0-rc1

v9.5.0-rc2

v9.5.1-rc1

v9.6.0

v9.6.0-rc1

v9.6.0-rc2

v9.6.0-rc3

v9.6.1

v9.6.1-rc1

v9.6.2

v9.6.2-rc1

v9.6.2-rc2

v9.6.2-rc3

v9.7.0

v9.7.0-rc1

v9.7.0-rc2

v9.7.1

v9.7.1-rc1

v9.7.2

v9.7.2-rc1

v9.8.0

v9.8.0-rc1

v9.8.0-rc2

v9.8.1

v9.8.1-rc1

v9.9.0

v9.9.0-rc1

v9.9.0-rc2

v9.9.1

v9.9.1-rc1

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-24838.json"