CVE-2026-24836

EPSS 0.01%
Veröffentlicht 27.01.2026 23:51:27
Zuletzt bearbeitet 04.02.2026 20:11:52
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Starting in version 9.0.0 and prior to versions 9.13.10 and 10.2.0, extensions could write richtext in log notes which can include scripts that would run in the PersonaBar when displayed. Versions 9.13.10 and 10.2.0 contain a fix for the issue.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Dnnsoftware ≫ Dotnetnuke Version >= 9.0.0 < 9.13.10

Dnnsoftware ≫ Dotnetnuke Version >= 10.0.0 < 10.2.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.01%	0.016

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.4	2.3	2.7	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
security-advisories@github.com	7.6	1	6	CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-2g5g-hcgh-q3rp

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2026-24836

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-24836

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-24836

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-24836