GHSA-vm5q-8qww-h238
Suggest an improvement- Source
- https://github.com/advisories/GHSA-vm5q-8qww-h238
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/01/GHSA-vm5q-8qww-h238/GHSA-vm5q-8qww-h238.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-vm5q-8qww-h238
- Aliases
- Published
- 2026-01-28T16:34:16Z
- Modified
- 2026-02-03T03:06:32.618766Z
- Severity
-
- 7.6 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H CVSS Calculator
- Summary
- DotNetNuke.Core Vulnerable to Stored XSS in Module Deletion Confirmation Modal
- Details
-
A module friendly name could include scripts that will run during some module operations in the Persona Bar.
- Database specific
{ "github_reviewed_at": "2026-01-28T16:34:16Z", "severity": "HIGH", "cwe_ids": [ "CWE-79" ], "github_reviewed": true, "nvd_published_at": "2026-01-28T00:15:51Z" }- References
Affected packages
NuGet / DotNetNuke.Core
Package
- Name
- DotNetNuke.Core
- View open source insights on deps.dev
- Purl
- pkg:nuget/DotNetNuke.Core
Affected versions
9.*
9.0.0.1002
9.0.1.142
9.1.0.367
9.1.1.129
9.2.0.366
9.2.1.533
9.3.0
9.3.1
9.3.2
9.4.0
9.4.1
9.4.2
9.4.3
9.4.4
9.5.0
9.6.1
9.6.2
9.7.0
9.7.1
9.7.2
9.8.0
9.9.0
9.9.1
9.10.0
9.10.1
9.10.2
9.11.0
9.11.1
9.11.2
9.12.0
9.13.0-ci0000
9.13.0
9.13.1
9.13.2
9.13.3
9.13.4
9.13.5-ci0062
9.13.5
9.13.6
9.13.7-ci0064
9.13.7
9.13.8
9.13.9
NuGet / DotNetNuke.Core
Package
- Name
- DotNetNuke.Core
- View open source insights on deps.dev
- Purl
- pkg:nuget/DotNetNuke.Core