DNN.PLATFORM Allows Reflected Cross-Site Scripting (XSS) in some TokenReplace situations with SkinObjects

GHSA-pf4h-vrv6-cmvr · CVE-2025-52486

Published Jun 20, 2025 · Modified Sep 15, 2025

Description

DNN.PLATFORM allows specially crafted content in URLs could be used with TokenReplace and not be properly sanitized by some SkinObjects. This vulnerability is fixed in 10.0.1.

References

WEB https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-pf4h-vrv6-cmvr
ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2025-52486
WEB https://github.com/dnnsoftware/Dnn.Platform/commit/74f6de68da1572c1d7e9c6e30e9f77f7c5596b1b
PACKAGE https://github.com/dnnsoftware/Dnn.Platform

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes