CVE-2025-48377 – DNN Cross-Site Scripting Vulnerability

May 23, 2025

CVE ID : CVE-2025-48377

Published : May 23, 2025, 4:15 p.m. | 2 hours, 37 minutes ago

Description : DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 9.13.9, a specially crafted URL may be constructed which can inject an XSS payload that is triggered by using some module actions. Version 9.13.9 fixes the issue.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-48378 – DNN XSS Through SVG Upload

Next Article CVE-2025-48376 – DNN External URL Site Export RCE

Highlights

CVE-2025-37987 – Linux PDS Core AdminQ Overflow/Stuck Condition Vulnerability

May 20, 2025

CVE ID : CVE-2025-37987

Published : May 20, 2025, 6:15 p.m. | 34 minutes ago

Description : In the Linux kernel, the following vulnerability has been resolved:

pds_core: Prevent possible adminq overflow/stuck condition

The pds_core’s adminq is protected by the adminq_lock, which prevents
more than 1 command to be posted onto it at any one time. This makes it
so the client drivers cannot simultaneously post adminq commands.
However, the completions happen in a different context, which means
multiple adminq commands can be posted sequentially and all waiting
on completion.

On the FW side, the backing adminq request queue is only 16 entries
long and the retry mechanism and/or overflow/stuck prevention is
lacking. This can cause the adminq to get stuck, so commands are no
longer processed and completions are no longer sent by the FW.

As an initial fix, prevent more than 16 outstanding adminq commands so
there’s no way to cause the adminq from getting stuck. This works
because the backing adminq request queue will never have more than 16
pending adminq commands, so it will never overflow. This is done by
reducing the adminq depth to 16.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

A Week In The Life Of An AI-Augmented Designer

This week in AI updates: Gemini Code Assist Agent Mode, GitHub’s Agents panel, and more (August 22, 2025)

Microsoft adds Copilot-powered debugging features for .NET in Visual Studio

Blackstone portfolio company R Systems Acquires Novigo Solutions, Strengthening its Product Engineering and Full-Stack Agentic-AI Capabilities

I found the ultimate MacBook Air alternative for Windows users – and it’s priced well

Outdated IT help desks are holding businesses back – but there is a solution

Android’s latest update can force apps into dark mode – how to see it now

I tried the Google Pixel Watch 4 – and these key features made it feel indispensable

Building Cross-Platform Alerts with Laravel’s Notification Framework

Building Cross-Platform Alerts with Laravel’s Notification Framework

Add Notes Functionality to Eloquent Models With the Notable Package

How to install OpenPlatform — IoT platform

Basics of Digital Forensics

Basics of Digital Forensics

Top Linux Server Automation Tools: Simplifying System Administration

Rising from the Ashes: How AlmaLinux and Rocky Linux Redefined the Post-CentOS Landscape

CVE-2025-48377 – DNN Cross-Site Scripting Vulnerability

“What happens online stays online” and other cyberbullying myths, debunked

The need for speed: Why organizations are turning to rapid, trustworthy MDR

New AI-Powered Outlook Is Coming to Microsoft 365 Education Accounts in 2026

Handling JavaScript Event Listeners With Parameters

The AI Fix #62: AI robots can now pass CAPTCHAs, and punch you in the face

Intel’s Core Ultra laptops get a crucial new feature for AI users — and catch up to AMD in the process

CVE-2025-37987 – Linux PDS Core AdminQ Overflow/Stuck Condition Vulnerability

pumpfun trading bots

lanos/laravel-cashier-stripe-connect

CVE-2025-8803 – Open5GS Denial of Service Vulnerability

CVE-2025-48377 – DNN Cross-Site Scripting Vulnerability

Related Posts