CVE-2025-59821 MEDIUM

CVE-2025-59821: DNN vulnerable to Reflected Cross-Site Scripting (XSS) using url to profile

Vendor Dnnsoftware

Product Dnn.Platform

Weakness CWE-79 · XSS

Published September 23, 2025

Last update September 23, 2025

View on NVD All CVEs

CVSS base score

6.5/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction Required

Confidentiality High

Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.1.0, DNN’s URL/path handling and template rendering can allow specially crafted input to be reflected into a user profile that is returned to the browser. In these cases, the application does not sufficiently neutralize or encode characters that are meaningful in HTML, so an attacker can cause a victim’s browser to interpret attacker-controlled content as part of the page’s HTML. This issue has been patched in version 10.1.0.

Key dates

02Disclosure timeline

September 23, 2025 CVE published

September 23, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-59821

Related vulnerabilities

CVE-2025-59821: DNN vulnerable to Reflected Cross-Site Scripting (XSS) using url to profile

01Description

02Disclosure timeline

03References

04Related CVE