CVE-2025-59548
BaseFortify
Publication date: 2025-09-23
Last updated on: 2025-09-29
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| dnnsoftware | dotnetnuke | to 10.1.0 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?
Upgrade DNN (DotNetNuke) to version 10.1.0 or later, as this version contains the patch for the javascript injection vulnerability in the FileBrowser. Additionally, avoid clicking on suspicious or specially crafted URLs targeting the FileBrowser until the upgrade is applied.
Can you explain this vulnerability to me?
This vulnerability affects DNN (DotNetNuke) versions prior to 10.1.0, where specially crafted URLs to the FileBrowser can lead to JavaScript injection. This means that if a user clicks on such a malicious link, arbitrary JavaScript code could be executed in their browser, potentially compromising their session or data. The issue has been fixed in version 10.1.0.
How can this vulnerability impact me? :
The vulnerability can impact users by allowing attackers to execute malicious JavaScript code in their browsers when they click on crafted URLs. This can lead to session hijacking, data theft, or other malicious actions affecting the user's interaction with the DNN platform.