CVE-2025-59545
BaseFortify
Publication date: 2025-09-23
Last updated on: 2025-09-29
Assigner: GitHub, Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| dnnsoftware | dotnetnuke | up to 10.1.0 (exclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Prompt module of DNN (DotNetNuke) versions prior to 10.1.0. It allows execution of commands that can return raw HTML. Malicious input, even if sanitized for display elsewhere, can be executed when processed through certain commands, leading to potential cross-site scripting (XSS) attacks.
How can this vulnerability impact me?
This vulnerability can lead to cross-site scripting (XSS) attacks, which may allow attackers to execute malicious scripts in the context of the affected web application. This can result in data theft, session hijacking, defacement, or other harmful actions impacting confidentiality, integrity, and availability of the system.
What immediate steps should I take to mitigate this vulnerability?
Upgrade DNN (DotNetNuke) to version 10.1.0 or later. That version contains the patch for the Prompt module vulnerability, in which commands that return raw HTML can lead to XSS.