CVE-2025-59545: DNN Vulnerable to Stored Cross-Site Scripting (XSS) in the Prompt module
The Prompt module allows execution of commands that can return raw HTML. Malicious input, even if sanitized for display elsewhere, can be executed when processed through certain commands, leading to potential script execution (XSS).