CVE-2025-52485 – DNN Cross-Site Scripting (XSS) Vulnerability

June 21, 2025

CVE ID : CVE-2025-52485

Published : June 21, 2025, 3:15 a.m. | 3 hours ago

Description : DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. In versions 6.0.0 to before 10.0.1, DNN.PLATFORM allows a specially crafted request to inject scripts in the Activity Feed Attachments endpoint which will then render in the feed. This issue has been patched in version 10.0.1.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-52486 – DNN TokenReplace URL Sanitation Vulnerability

Next Article CVE-2025-52557 – Mail-0’s Zero JavaScript Injection Vulnerability

Highlights

CVE-2025-6660 – PDF-XChange Editor GIF File Parsing Remote Code Execution Vulnerability

June 25, 2025

CVE ID : CVE-2025-6660

Published : June 25, 2025, 10:15 p.m. | 4 hours, 6 minutes ago

Description : PDF-XChange Editor GIF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists within the parsing of GIF files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-26763.

Severity: 7.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2025-44904 – Apache HDF5 Heap Buffer Overflow

May 30, 2025

That Google email look real? Don’t click – it might be scam. Here’s how to tell

April 18, 2025

After 14 years, Monster Hunter Wilds is bringing back underwater combat alongside “Lagiacrus” and another familiar monster — the impossible has happened

June 28, 2025

Error’d: You Talkin’ to Me?

The Psychology Of Trust In AI: A Guide To Measuring And Designing For User Confidence

This week in AI updates: OpenAI Codex updates, Claude integration in Xcode 26, and more (September 19, 2025)

Report: The major factors driving employee disengagement in 2025

Development Release: Zorin OS 18 Beta

Distribution Release: IPFire 2.29 Core 197

Development Release: Ubuntu 25.10 Beta

Development Release: Linux Mint 7 Beta “LMDE”

The attack on the npm ecosystem continues

The attack on the npm ecosystem continues

Feature Highlight

SVAR React Core – New UI Library with 20+ Components

Hyprland Made Easy: Preconfigured Beautiful Distros

Hyprland Made Easy: Preconfigured Beautiful Distros

Development Release: Zorin OS 18 Beta

Distribution Release: IPFire 2.29 Core 197

CVE-2025-52485 – DNN Cross-Site Scripting (XSS) Vulnerability

Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories

Introducing HybridPetya: Petya/NotPetya copycat with UEFI Secure Boot bypass

Marathon is doomed — ARC Raiders is already a much better extraction shooter, and I feel bad for Bungie’s developers

CVE-2025-1700 – Motorola Software Fix DLL Hijacking Privilege Escalation

Rilasciata RefreshOS 2.5: La distribuzione GNU/Linux basata su Debian per tutti

CVE-2025-37827 – Here is a title for the vulnerability: “btrfs: RAID1 Profile Write Pointer Offset Mismatch NULL Pointer Dereference”

CVE-2025-6660 – PDF-XChange Editor GIF File Parsing Remote Code Execution Vulnerability

CVE-2025-44904 – Apache HDF5 Heap Buffer Overflow

That Google email look real? Don’t click – it might be scam. Here’s how to tell

After 14 years, Monster Hunter Wilds is bringing back underwater combat alongside “Lagiacrus” and another familiar monster — the impossible has happened

CVE-2025-52485 – DNN Cross-Site Scripting (XSS) Vulnerability

Related Posts