CVE-2025-59546 LOW

CVE-2025-59546: DNN Vulnerable to Stored XSS Using Backend Admin Credentials

Vendor Dnnsoftware

Product Dnn.Platform

Weakness CWE-79 · XSS

Published September 23, 2025

Last update September 23, 2025

View on NVD All CVEs

CVSS base score

2.4/10

Attack vector Network

Attack complexity Low

Privileges required High

User interaction Required

Confidentiality None

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N

What the vulnerability does

01Description

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.1.0, administrators and content editors can set html in module titles that could include javascript which could be used for XSS based attacks. This issue has been patched in version 10.1.0.

Key dates

02Disclosure timeline

September 23, 2025 CVE published

September 23, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-59546 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

CVE-2025-59546: DNN Vulnerable to Stored XSS Using Backend Admin Credentials

01Description

02Disclosure timeline

03References

04Related CVE