Launch Week Day 1: Announcing Security Design Review
Start for Free
HIGH 7.6 NuGet

DotNetNuke.Core Vulnerable to Stored XSS in Scheduler LogNotes

GHSA-2g5g-hcgh-q3rp · CVE-2026-24836

Published · Modified

Description

Extensions could write richtext in log notes which can include scripts that would run in the PersonaBar when displayed.

References

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes