CVE-2026-24836

high Microsoft
CVSS v3 Base Score
7.6
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H
EPSS Score
0.0%
Exploitation probability in 30 days
Top 98% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
High
Privileges Required
High
User Interaction
Required
Confidentiality
High
Integrity
High
Availability
High
Published: January 28, 2026 (107 days ago)
Last Modified: February 4, 2026
Vendor: Microsoft

Description

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Starting in version 9.0.0 and prior to versions 9.13.10 and 10.2.0, extensions could write richtext in log notes which can include scripts that would run in the PersonaBar when displayed. Versions 9.13.10 and 10.2.0 contain a fix for the issue.

CWE

CWE-79

Affected Products

dnnsoftware dotnetnuke

References

🔗 github.com