Trust Issues: Weaponizing DNN Module Headers for Stored XSS
Vulnerability ID: CVE-2026-24784
CVSS Score: 6.8
Published: 2026-01-28
A high-impact Stored Cross-Site Scripting (XSS) vulnerability in the DNN (DotNetNuke) Platform allows privileged content editors to inject malicious JavaScript into module headers and footers. This flaw facilitates horizontal and vertical privilege escalation, enabling attackers to hijack administrator sessions by simply modifying module layout settings.
TL;DR
DNN Platform trusts its content editors a little too much. By injecting scripts into the 'Header' or 'Footer' fields of a module's settings, a user with edit rights can store a payload that executes against anyone viewing the page—including SuperUsers. This allows for total site takeover via session hijacking.
⚠️ Exploit Status: POC
Technical Details
- Vulnerability Type: Stored Cross-Site Scripting (XSS)
- Attack Vector: Network (Authenticated)
- CVSS v3.1: 6.8 (Medium)
- CWE ID: CWE-79
- Privileges Required: High (Content Editor)
- Impact: Session Hijacking / Privilege Escalation
Affected Systems
- DNN Platform 9.0.0 <= Version < 9.13.10 (Fixed in: 9.13.10)
- DNN Platform 10.0.0 <= Version < 10.2.0 (Fixed in: 10.2.0)
Code Analysis
Commit: 53cdf47
Fix for Stored XSS in Module Settings Header/Footer
Mitigation Strategies
- Input Sanitization via PortalSecurity.Instance.InputFilter
- Strict Role-Based Access Control (RBAC)
- WAF Payload Inspection
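Illustration of the first mitigation, added here and not taken from the DNN code base or from the fix commit: a helper that passes a module's Header and Footer through PortalSecurity.Instance.InputFilter before the settings are persisted, plus a check in the spirit of the last remediation step. The helper names and the choice of NoScripting as the filter flag are assumptions; the page does not state which FilterFlag values the fix applies.

```csharp
using System;
using DotNetNuke.Entities.Modules;
using DotNetNuke.Security;

// Assumed helper (not DNN's own code): sanitize module Header/Footer before they are stored.
public static class ModuleLayoutSanitizer
{
    // Assumed flag choice: strip script tags, event-handler attributes and javascript: URIs
    // while keeping ordinary markup, since Header/Footer legitimately hold HTML.
    private const PortalSecurity.FilterFlag LayoutFilter = PortalSecurity.FilterFlag.NoScripting;

    public static string Clean(string value)
    {
        return string.IsNullOrEmpty(value)
            ? value
            : PortalSecurity.Instance.InputFilter(value, LayoutFilter);
    }

    // Apply the filter at the point where a content editor's layout settings are saved,
    // so an unfiltered value never reaches the Modules table.
    public static void SaveHeaderFooter(ModuleInfo module, string header, string footer)
    {
        module.Header = Clean(header);
        module.Footer = Clean(footer);
        ModuleController.Instance.UpdateModule(module);
    }

    // Post-upgrade check: a constructed sample must lose its script block but keep safe HTML.
    public static bool FilterStripsScripts()
    {
        const string sample = "<p>Welcome</p><script>1</script>"; // constructed sample input
        string cleaned = Clean(sample);
        return cleaned.IndexOf("<script", StringComparison.OrdinalIgnoreCase) < 0
            && cleaned.IndexOf("<p>", StringComparison.OrdinalIgnoreCase) >= 0;
    }
}
```

Values already stored before the upgrade are not rewritten by filtering on save, so existing Header/Footer settings still need to be reviewed separately.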
Remediation Steps:
- Backup the DNN SQL Database and file system.
- Download the upgrade package for DNN Platform 9.13.10 or 10.2.0.
- Apply the upgrade package via the Install wizard.
- Verify the fix by attempting to save a safe HTML string in a module header and ensuring dangerous tags are stripped.
References
Read the full report for CVE-2026-24784 on our website for more details including interactive diagrams and full exploit analysis.