CVE-2025-48377 – DNN Cross-Site Scripting Vulnerability

May 23, 2025

CVE ID : CVE-2025-48377

Published : May 23, 2025, 4:15 p.m. | 2 hours, 37 minutes ago

Description : DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 9.13.9, a specially crafted URL may be constructed which can inject an XSS payload that is triggered by using some module actions. Version 9.13.9 fixes the issue.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-48378 – DNN XSS Through SVG Upload

Next Article CVE-2025-48376 – DNN External URL Site Export RCE

Highlights

CVE-2025-47436 – Apache ORC Heap-based Buffer Overflow Vulnerability

May 14, 2025

CVE ID : CVE-2025-47436

Published : May 14, 2025, 2:15 p.m. | 51 minutes ago

Description : Heap-based Buffer Overflow vulnerability in Apache ORC.

A vulnerability has been identified in the ORC C++ LZO decompression logic, where specially crafted malformed ORC files can cause the decompressor to allocate a 250-byte buffer but then attempts to copy 295 bytes into it. It causes memory corruption.

This issue affects Apache ORC C++ library: through 1.8.8, from 1.9.0 through 1.9.5, from 2.0.0 through 2.0.4, from 2.1.0 through 2.1.1.

Users are recommended to upgrade to version 1.8.9, 1.9.6, 2.0.5, and 2.1.2, which fix the issue.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

A Week In The Life Of An AI-Augmented Designer

This week in AI updates: Gemini Code Assist Agent Mode, GitHub’s Agents panel, and more (August 22, 2025)

Microsoft adds Copilot-powered debugging features for .NET in Visual Studio

Blackstone portfolio company R Systems Acquires Novigo Solutions, Strengthening its Product Engineering and Full-Stack Agentic-AI Capabilities

I found the ultimate MacBook Air alternative for Windows users – and it’s priced well

Outdated IT help desks are holding businesses back – but there is a solution

Android’s latest update can force apps into dark mode – how to see it now

I tried the Google Pixel Watch 4 – and these key features made it feel indispensable

Building Cross-Platform Alerts with Laravel’s Notification Framework

Building Cross-Platform Alerts with Laravel’s Notification Framework

Add Notes Functionality to Eloquent Models With the Notable Package

How to install OpenPlatform — IoT platform

Basics of Digital Forensics

Basics of Digital Forensics

Top Linux Server Automation Tools: Simplifying System Administration

Rising from the Ashes: How AlmaLinux and Rocky Linux Redefined the Post-CentOS Landscape

CVE-2025-48377 – DNN Cross-Site Scripting Vulnerability

“What happens online stays online” and other cyberbullying myths, debunked

The need for speed: Why organizations are turning to rapid, trustworthy MDR

CISA Adds Actively Exploited Broadcom and Commvault Flaws to KEV Database

I replaced my OnePlus with this $700 Motorola flip phone, and it’s spoiled me big time

Amazon DynamoDB data modeling for Multi-tenancy – Part 3

UDP Vulnerability in Windows Deployment Services Allows 0-Click System Crashes

CVE-2025-47436 – Apache ORC Heap-based Buffer Overflow Vulnerability

Aiffro K100 All-SSD NAS running Linux: Introduction to the Series

Lexie Hull Mrs Steal Yo Job SHirt

CVE‑2025‑27210 & CVE‑2025‑27209: Two high‑severity vulnerabilities in Node.js

CVE-2025-48377 – DNN Cross-Site Scripting Vulnerability

Related Posts