CVE-2026-24837
📋 TL;DR
This vulnerability allows attackers to inject malicious scripts into DNN module friendly names, which then execute during certain Persona Bar operations. It affects DNN CMS versions 9.0.0 through 9.13.9 and 10.0.0 through 10.1.x. Attackers with module management privileges can exploit this to perform cross-site scripting attacks.
💻 Affected Systems
- DNN Platform (formerly DotNetNuke)
📦 What is this software?
Dotnetnuke by Dnnsoftware
⚠️ Risk & Real-World Impact
Worst Case
Privileged attacker executes arbitrary JavaScript in admin context, potentially stealing admin credentials, performing administrative actions, or compromising the entire CMS installation.
Likely Case
Authenticated user with module management privileges injects malicious scripts that execute when other administrators view or manage modules, leading to session hijacking or limited administrative actions.
If Mitigated
With proper access controls limiting module management to trusted administrators only, impact is reduced to potential privilege escalation among administrative users.
🎯 Exploit Status
Exploitation requires authenticated access with module management permissions. The vulnerability is in the Persona Bar interface which is enabled by default.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 9.13.10 or 10.2.0
Vendor Advisory: https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-vm5q-8qww-h238
Restart Required: Yes
Instructions:
1. Backup your DNN installation and database.
2. Download DNN Platform version 9.13.10 or 10.2.0 from the official repository.
3. Follow the standard DNN upgrade procedure for your version.
4. Restart the application pool in IIS.
5. Verify the Persona Bar functions correctly.
🔧 Temporary Workarounds
Restrict Module Management Permissions
Limit module management capabilities to only essential, trusted administrators to reduce the attack surface.
Disable Persona Bar for Non-Essential Users
Configure DNN to disable Persona Bar access for users who don't require administrative functions.
🧯 If You Can't Patch
- Implement strict input validation and sanitization for all module friendly name fields
- Deploy a web application firewall (WAF) with XSS protection rules
🔍 How to Verify
Check if Vulnerable:
Check the DNN version under Host Settings > Host Details. If it is between 9.0.0 and 9.13.9 or between 10.0.0 and 10.1.x, the system is vulnerable.
Check Version:
Check Host Settings in DNN admin panel or examine web.config file for version information.
Verify Fix Applied:
After patching, verify version shows 9.13.10 or 10.2.0 in Host Settings. Test module friendly name fields to ensure script tags are properly sanitized.
📡 Detection & Monitoring
Log Indicators:
- Unusual module creation/modification events
- Suspicious strings in module friendly name fields
- JavaScript execution errors in Persona Bar
Network Indicators:
- Unexpected JavaScript payloads in HTTP requests to module management endpoints
SIEM Query:
source="dnn_logs" AND (event="module_update" OR event="module_create") AND (friendly_name CONTAINS "<script>" OR friendly_name CONTAINS "javascript:")
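As an added example that is not part of the advisory, the SIEM query above expressed as a small Python check run over constructed sample log lines. It assumes a key=value log format (not DNN's actual log layout) and extends the query slightly: markers are matched case-insensitively after percent-decoding, and `<script` is matched without the closing `>` so tags with attributes are also caught.

```python
import re
from urllib.parse import unquote

# Constructed sample log lines in an assumed key=value format (not real DNN output).
SAMPLE_LOGS = [
    'ts=2026-01-10T09:14:02Z source=dnn_logs event=module_create user=alice friendly_name="Contact Form"',
    'ts=2026-01-10T09:15:44Z source=dnn_logs event=module_update user=bob friendly_name="News<script>x</script>"',
    'ts=2026-01-10T09:16:10Z source=dnn_logs event=module_update user=bob friendly_name="Links%3Cscript%3Ex"',
    'ts=2026-01-10T09:17:30Z source=dnn_logs event=module_update user=erin friendly_name="Promo <a href=JavaScript:x>go</a>"',
    'ts=2026-01-10T09:18:05Z source=dnn_logs event=page_view user=carol friendly_name="<script>ignored</script>"',
]

MODULE_EVENTS = {"module_create", "module_update"}
# The two markers the advisory's SIEM query looks for. They are compared
# case-insensitively after percent-decoding, and "<script" (no closing ">")
# also catches tags that carry attributes.
MARKERS = ("<script", "javascript:")

# key=value pairs; values may be double-quoted to allow spaces.
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_line(line):
    """Parse one key=value log line into a dict, stripping surrounding quotes."""
    fields = {}
    for key, value in KV_RE.findall(line):
        if len(value) >= 2 and value[0] == value[-1] == '"':
            value = value[1:-1]
        fields[key] = value
    return fields

def is_suspicious_name(name):
    """True if a friendly name contains a script marker in any obvious encoding."""
    decoded = unquote(name).lower()
    return any(marker in decoded for marker in MARKERS)

def find_suspicious_module_events(lines):
    """Return (timestamp, user, friendly_name) for module create/update events
    whose friendly name looks like an XSS attempt; other event types are ignored."""
    hits = []
    for line in lines:
        fields = parse_line(line)
        if fields.get("event") not in MODULE_EVENTS:
            continue
        name = fields.get("friendly_name", "")
        if is_suspicious_name(name):
            hits.append((fields.get("ts"), fields.get("user"), name))
    return hits
```

Running `find_suspicious_module_events(SAMPLE_LOGS)` flags the three module_update lines and skips both the benign name and the page_view event.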