Security Advisories · dnnsoftware/Dnn.Platform · GitHub

Security Advisories

View known security vulnerabilities and report new vulnerabilities privately to maintainers.

Report a vulnerability

Insufficient Access Control - Image Upload allows for Site Content Overwrite
GHSA-3m8r-w7xg-jqvw published Oct 28, 2025 by valadas

Critical
Stored cross-site-scripting (XSS) via SVG upload
GHSA-hmvq-8p83-cq52 published Oct 28, 2025 by valadas

Moderate
CKEditor Provider allows unauthenticated upload out-of-the-box
GHSA-2374-6cvw-qmx6 published Oct 28, 2025 by valadas

Moderate
Vulnerability in CKEditor's File Uploader functionality through Unicode obfuscation
GHSA-cgqj-mw4m-v7hp published Sep 23, 2025 by valadas

Moderate
NTLM hash leakage via SMB Share Interaction with malicious user input
GHSA-mgfv-2362-jq96 published Jun 20, 2025 by valadas

High
Stored XSS Using Backend Admin Credentials
GHSA-gj8m-5492-q98h published Sep 23, 2025 by valadas

Low
Possible Denial of Service (DoS) in DNN.PLATFORM registration
GHSA-vc6j-mcqj-rgfp published Apr 8, 2025 by valadas

Moderate
Possibly bypass of IP Filters
GHSA-fjhg-3mrh-mm7h published Jun 20, 2025 by valadas

High
Reflected Cross-Site Scripting (XSS) using url to profile
GHSA-jc4g-c8ww-5738 published Sep 23, 2025 by valadas

Moderate
Stored Cross-Site Scripting (XSS) in Prompt module
GHSA-2qxc-mf4x-wr29 published Sep 22, 2025 by valadas

Critical