GHSA-jc4g-c8ww-5738
Suggest an improvement- Source
- https://github.com/advisories/GHSA-jc4g-c8ww-5738
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/09/GHSA-jc4g-c8ww-5738/GHSA-jc4g-c8ww-5738.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-jc4g-c8ww-5738
- Aliases
- Published
- 2025-09-23T15:09:47Z
- Modified
- 2025-09-23T20:01:11.088115Z
- Severity
-
- 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N CVSS Calculator
- Summary
- DNN vulnerable to Reflected Cross-Site Scripting (XSS) using url to profile
- Details
-
Summary
A reflected cross-site scripting (XSS) vulnerability exists under certain conditions, using a specially crafter url to view a user profile
Description
DNN’s URL/path handling and template rendering can allow specially crafted input to be reflected into a user profile that are returned to the browser. In these cases, the application does not sufficiently neutralize or encode characters that are meaningful in HTML, so an attacker can cause a victim’s browser to interpret attacker-controlled content as part of the page’s HTML.
- Database specific
{ "github_reviewed": true, "cwe_ids": [ "CWE-79" ], "github_reviewed_at": "2025-09-23T15:09:47Z", "nvd_published_at": "2025-09-23T18:15:41Z", "severity": "MODERATE" }- References
Affected packages
NuGet / DotNetNuke.Core
Package
- Name
- DotNetNuke.Core
- View open source insights on deps.dev
- Purl
- pkg:nuget/DotNetNuke.Core
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed10.1.0
Affected versions
6.*
6.0.0
7.*
7.0.0
7.0.6.121
7.1.0
7.1.2
7.2.0.613
7.3.0.499
7.3.1.20
7.4.0.353
7.4.1.280
7.4.2.216
8.*
8.0.0.809
8.0.1.239
8.0.2.4
8.0.3.5
8.0.4.226
9.*
9.0.0.1002
9.0.1.142
9.1.0.367
9.1.1.129
9.2.0.366
9.2.1.533
9.3.0
9.3.1
9.3.2
9.4.0
9.4.1
9.4.2
9.4.3
9.4.4
9.5.0
9.6.1
9.6.2
9.7.0
9.7.1
9.7.2
9.8.0
9.9.0
9.9.1
9.10.0
9.10.1
9.10.2
9.11.0
9.11.1
9.11.2
9.12.0
9.13.0-ci0000
9.13.0
9.13.1
9.13.2
9.13.3
9.13.4
9.13.5-ci0062
9.13.5
9.13.6
9.13.7-ci0064
9.13.7
9.13.8
9.13.9
10.*
10.0.0
10.0.1