GHSA-pf4h-vrv6-cmvr

Source
https://github.com/advisories/GHSA-pf4h-vrv6-cmvr
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/06/GHSA-pf4h-vrv6-cmvr/GHSA-pf4h-vrv6-cmvr.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-pf4h-vrv6-cmvr
Aliases
Published
2025-06-20T14:56:53Z
Modified
2025-06-27T23:26:42.895Z
Severity
  • 6.1 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
Summary
DNN.PLATFORM Allows Reflected Cross-Site Scripting (XSS) in some TokenReplace situations with SkinObjects
Details

In DNN.PLATFORM, specially crafted content in URLs could be used with TokenReplace and not be properly sanitized by some SkinObjects. This vulnerability is fixed in 10.0.1.

Database specific
{
    "github_reviewed": true,
    "github_reviewed_at": "2025-06-20T14:56:53Z",
    "nvd_published_at": "2025-06-21T03:15:24Z",
    "cwe_ids": [
        "CWE-79"
    ],
    "severity": "MODERATE"
}
References

Affected packages

NuGet / DNN.PLATFORM

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.0.0
Fixed
10.0.1

Affected versions

7.*

7.2.0
7.3.0
7.4.0

8.*

8.0.0

9.*

9.1.0
9.2.0
9.4.0
9.9.0