Security: dnnsoftware/Dnn.Platform
Security Advisories
View known security vulnerabilities and report new vulnerabilities privately to maintainers.
-
Reflected Cross-Site Scripting (XSS) in some TokenReplace situations with SkinObjectsGHSA-pf4h-vrv6-cmvr published
Jun 20, 2025 by valadasModerate -
Stored Cross-Site Scripting (XSS) possible with svg files rendered inlineGHSA-m4hf-fxcg-cp34 published
May 23, 2025 by valadasModerate -
Stored Cross-Site Scripting (XSS) in Activity FeedGHSA-wwc9-wmm3-2pmf published
Jun 20, 2025 by valadasModerate -
Stored Cross-Site Scripting (XSS) in Profile Biography fieldGHSA-7rcc-q6rq-jpcm published
Sep 22, 2025 by valadasModerate -
Reflected Cross-Site Scripting (XSS) in CKEditor File BrowserGHSA-5fj9-542v-w4rq published
Sep 23, 2025 by valadasModerate -
Reflected Cross-Site Scripting (XSS) in module actions in edit modeGHSA-79m3-rvx2-3qq9 published
May 23, 2025 by valadasModerate -
Site Import could use an external source with a crafted requestGHSA-62mf-vhhw-xmf8 published
May 23, 2025 by valadasLow -
A registered user may enumerate and access files they should not have access toGHSA-vxcm-4rwh-chpc published
Apr 8, 2025 by valadasModerate -
Server-Side Request Forgery (SSRF) in DotNetNuke.CoreGHSA-3f7v-qx94-666m published
Apr 8, 2025 by valadasModerate -
Loading unused themes on annonymous clients through query parametersGHSA-wq2j-w9pm-7x2p published
Sep 22, 2025 by valadasModerate