CVE-2026-24836

high

Microsoft

CVSS v3 Base Score

7.6

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H

Published: January 28, 2026

Last Modified: February 4, 2026

Vendor: Microsoft

Description

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Starting in version 9.0.0 and prior to versions 9.13.10 and 10.2.0, extensions could write richtext in log notes which can include scripts that would run in the PersonaBar when displayed. Versions 9.13.10 and 10.2.0 contain a fix for the issue.

CWE

CWE-79

Affected Products

dnnsoftware dotnetnuke

References

🔗 github.com

CVE-2026-24836

Vulnerability Report

Description

CWE

Affected Products

References