CVE-2025-59548
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-23

Last updated on: 2025-09-29

Assigner: GitHub, Inc.

Description
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.1.0, specially crafted URLs to the FileBrowser are vulnerable to javascript injection, affecting any unsuspecting user clicking such link. This issue has been patched in version 10.1.0.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-23
Last Modified
2025-09-29
Generated
2026-06-16
AI Q&A
2025-09-23
EPSS Evaluated
2026-06-15
NVD
CVE-2025-59548
EUVD
EUVD-2025-30900
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
dnnsoftware dotnetnuke to 10.1.0 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Mitigation Strategies

Upgrade DNN (DotNetNuke) to version 10.1.0 or later, as this version contains the patch for the javascript injection vulnerability in the FileBrowser. Additionally, avoid clicking on suspicious or specially crafted URLs targeting the FileBrowser until the upgrade is applied.

Executive Summary

This vulnerability affects DNN (DotNetNuke) versions prior to 10.1.0, where specially crafted URLs to the FileBrowser can lead to JavaScript injection. This means that if a user clicks on such a malicious link, arbitrary JavaScript code could be executed in their browser, potentially compromising their session or data. The issue has been fixed in version 10.1.0.

Impact Analysis

The vulnerability can impact users by allowing attackers to execute malicious JavaScript code in their browsers when they click on crafted URLs. This can lead to session hijacking, data theft, or other malicious actions affecting the user's interaction with the DNN platform.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-59548. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart