Vulnerability Details CVE-2026-24836
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Starting in version 9.0.0 and prior to versions 9.13.10 and 10.2.0, extensions could write richtext in log notes which can include scripts that would run in the PersonaBar when displayed. Versions 9.13.10 and 10.2.0 contain a fix for the issue.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 12.2%
CVSS Severity
CVSS v3 Score 7.6
Products affected by CVE-2026-24836
-
cpe:2.3:a:dnnsoftware:dotnetnuke:10.0.0
-
cpe:2.3:a:dnnsoftware:dotnetnuke:10.0.1
-
cpe:2.3:a:dnnsoftware:dotnetnuke:10.1.0
-
cpe:2.3:a:dnnsoftware:dotnetnuke:10.1.1
-
cpe:2.3:a:dnnsoftware:dotnetnuke:9.0.0
-
cpe:2.3:a:dnnsoftware:dotnetnuke:9.0.1
-
cpe:2.3:a:dnnsoftware:dotnetnuke:9.0.2
-
cpe:2.3:a:dnnsoftware:dotnetnuke:9.1.0
-
cpe:2.3:a:dnnsoftware:dotnetnuke:9.1.1
-
cpe:2.3:a:dnnsoftware:dotnetnuke:9.10.0
-
cpe:2.3:a:dnnsoftware:dotnetnuke:9.10.1
-
cpe:2.3:a:dnnsoftware:dotnetnuke:9.10.2
-
cpe:2.3:a:dnnsoftware:dotnetnuke:9.11.0
-
cpe:2.3:a:dnnsoftware:dotnetnuke:9.11.1
-
cpe:2.3:a:dnnsoftware:dotnetnuke:9.11.2
-
cpe:2.3:a:dnnsoftware:dotnetnuke:9.12.0
-
cpe:2.3:a:dnnsoftware:dotnetnuke:9.13.0
-
cpe:2.3:a:dnnsoftware:dotnetnuke:9.13.1
-
cpe:2.3:a:dnnsoftware:dotnetnuke:9.13.2
-
cpe:2.3:a:dnnsoftware:dotnetnuke:9.13.3
-
cpe:2.3:a:dnnsoftware:dotnetnuke:9.13.4
-
cpe:2.3:a:dnnsoftware:dotnetnuke:9.13.5
-
cpe:2.3:a:dnnsoftware:dotnetnuke:9.13.6
-
cpe:2.3:a:dnnsoftware:dotnetnuke:9.13.7
-
cpe:2.3:a:dnnsoftware:dotnetnuke:9.13.8
-
cpe:2.3:a:dnnsoftware:dotnetnuke:9.13.9
-
cpe:2.3:a:dnnsoftware:dotnetnuke:9.2
-
cpe:2.3:a:dnnsoftware:dotnetnuke:9.2.0
-
cpe:2.3:a:dnnsoftware:dotnetnuke:9.2.1
-
cpe:2.3:a:dnnsoftware:dotnetnuke:9.2.2
-
cpe:2.3:a:dnnsoftware:dotnetnuke:9.3.0
-
cpe:2.3:a:dnnsoftware:dotnetnuke:9.3.1
-
cpe:2.3:a:dnnsoftware:dotnetnuke:9.3.2
-
cpe:2.3:a:dnnsoftware:dotnetnuke:9.4.0
-
cpe:2.3:a:dnnsoftware:dotnetnuke:9.4.4
-
cpe:2.3:a:dnnsoftware:dotnetnuke:9.5.0
-
cpe:2.3:a:dnnsoftware:dotnetnuke:9.6.0
-
cpe:2.3:a:dnnsoftware:dotnetnuke:9.6.1
-
cpe:2.3:a:dnnsoftware:dotnetnuke:9.6.2
-
cpe:2.3:a:dnnsoftware:dotnetnuke:9.7.0
-
cpe:2.3:a:dnnsoftware:dotnetnuke:9.7.1
-
cpe:2.3:a:dnnsoftware:dotnetnuke:9.7.2
-
cpe:2.3:a:dnnsoftware:dotnetnuke:9.8.0
-
cpe:2.3:a:dnnsoftware:dotnetnuke:9.8.1
-
cpe:2.3:a:dnnsoftware:dotnetnuke:9.9.0
-
cpe:2.3:a:dnnsoftware:dotnetnuke:9.9.1