CVE-2025-59545 CRITICAL

CVE-2025-59545: DNN Vulnerable to Stored Cross-Site Scripting (XSS) in the Prompt module

Vendor Dnnsoftware

Product Dnn.Platform

Weakness CWE-79 · XSS

Published September 23, 2025

Last update September 23, 2025

View on NVD All CVEs

CVSS base score

9.1/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction Required

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.1.0, the Prompt module allows execution of commands that can return raw HTML. Malicious input, even if sanitized for display elsewhere, can be executed when processed through certain commands, leading to potential script execution (XSS). This issue has been patched in version 10.1.0.

Key dates

02Disclosure timeline

September 23, 2025 CVE published

September 23, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-59545 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

CVE-2025-59545: DNN Vulnerable to Stored Cross-Site Scripting (XSS) in the Prompt module

01Description

02Disclosure timeline

03References

04Related CVE