Reflected Cross-Site Scripting (XSS) in module actions in edit mode · CVE-2025-48377 · GitHub Advisory Database · GitHub

Reflected Cross-Site Scripting (XSS) in module actions in edit mode

Moderate severity GitHub Reviewed Published May 23, 2025 in dnnsoftware/Dnn.Platform • Updated May 23, 2025

Package

DotNetNuke.Core (NuGet)

Affected versions

< 9.13.9

Patched versions

9.13.9

DotNetNuke.Web (NuGet)

< 9.13.9

9.13.9

Description

A specially crafted URL may be constructed which can inject an XSS payload that is triggered by using some module actions.

References

valadas published to dnnsoftware/Dnn.Platform

May 23, 2025

Published by the National Vulnerability Database

May 23, 2025

Published to the GitHub Advisory Database May 23, 2025

Reviewed May 23, 2025

Last updated May 23, 2025

Severity

Moderate

/ 10

CVSS v4 base metrics

Exploitability Metrics

Attack Vector Network

Attack Complexity Low

Attack Requirements None

Privileges Required Low

User interaction Active

Vulnerable System Impact Metrics

Confidentiality None

Integrity None

Availability None

Subsequent System Impact Metrics

Confidentiality High

Integrity None

Availability None

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N