GHSA-7rcc-q6rq-jpcm: DNN affected by Stored Cross-Site Scripting (XSS) in Profile Biography field

September 22, 2025

Users can use special syntax to inject javascript code in their profile biography field. Although there was sanitization in place, it did not cover all possible scenarios

References

github.com/advisories/GHSA-7rcc-q6rq-jpcm
github.com/dnnsoftware/Dnn.Platform
github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-7rcc-q6rq-jpcm

Code Behaviors & Features

Detect and mitigate GHSA-7rcc-q6rq-jpcm with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →