The Title That Stole Your Session: Deep Dive into CVE-2026-24838
Vulnerability ID: CVE-2026-24838
CVSS Score: 9.1
Published: 2026-01-28
A critical Stored Cross-Site Scripting (XSS) vulnerability exists in the DNN (DotNetNuke) Platform's module title rendering logic. By injecting malicious scripts into the 'Module Title' field, authenticated attackers with module-editing privileges can execute arbitrary JavaScript in the context of any user visiting the affected page, including SuperUsers. This vulnerability marks a classic failure of input sanitization in rich text environments.
TL;DR
DNN Platform failed to sanitize HTML in Module Titles, allowing admins to plant Stored XSS payloads and letting lower-privileged admins hijack SuperUser sessions. Fixed in 9.13.10 and 10.2.0 via a new HtmlSanitizer integration.
⚠️ Exploit Status: POC
Technical Details
- CWE ID: CWE-79
- Attack Vector: Network
- CVSS Score: 9.1 (Critical)
- EPSS Score: 0.00044
- Privileges: High (Module Edit)
- Exploit Status: PoC Available
Affected Systems
- DNN Platform
- DNN Platform: < 9.13.10 (Fixed in: 9.13.10)
- DNN Platform: >= 10.0.0 < 10.2.0 (Fixed in: 10.2.0)
Code Analysis
Commit: 4a4bcbc
Adds module header and footer settings and integrates HtmlSanitizer
public static string CleanOutOfJavascript(string htmlInput) { ... var sanitizer = new HtmlSanitizer(); ... }
Exploit Details
- N/A: Vulnerability disclosed in GitHub Security Advisory
Mitigation Strategies
- Input Sanitization via HtmlSanitizer
- Content Security Policy (CSP) implementation
- Role-Based Access Control (RBAC) hardening
Remediation Steps:
- Upgrade DNN Platform to version 9.13.10 or 10.2.0 immediately.
- Verify 'AllowJsInModuleHeaders' is disabled in Portal Settings if not strictly required.
- Audit all existing Module Titles in the database for suspicious script tags (post-incident forensics).
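One way to carry out the title audit in the last remediation step, as an added example that is not DNN's own code or part of the original advisory. It assumes the titles have already been exported from the database as (id, title) pairs; the function names, the tag and scheme lists and the sample rows are constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Assumed audit policy: tags and URL schemes with no place in a module title.
RISKY_TAGS = {"script", "iframe", "object", "embed", "svg", "style", "base", "form"}
URL_ATTRS = {"href", "src", "action", "formaction", "xlink:href"}
RISKY_SCHEMES = ("javascript:", "vbscript:", "data:")

class _TitleScanner(HTMLParser):
    """Collects the reasons a title's markup could execute script."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.reasons = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names and decodes entities.
        if tag in RISKY_TAGS:
            self.reasons.append(f"tag <{tag}>")
        for name, value in attrs:
            if name.startswith("on"):
                self.reasons.append(f"event handler {name} on <{tag}>")
            elif name in URL_ATTRS and value:
                # Normalise whitespace/control characters and case before matching.
                scheme = re.sub(r"[\x00-\x20]", "", value).lower()
                if scheme.startswith(RISKY_SCHEMES):
                    self.reasons.append(f"{name} uses {scheme.split(':')[0]}: URL")

def audit_titles(rows):
    """rows: iterable of (id, title). Returns {id: [reasons]} for flagged rows."""
    findings = {}
    for row_id, title in rows:
        scanner = _TitleScanner()
        scanner.feed(title or "")  # NULL titles are treated as empty
        scanner.close()
        if scanner.reasons:
            findings[row_id] = scanner.reasons
    return findings

# Constructed sample export; IDs and titles are illustrative only.
SAMPLE_ROWS = [
    (101, "Latest News"),
    (102, "<b>Events</b> &amp; Dates"),
    (103, "Welcome<script>/* injected */</script>"),
    (104, '<img src="logo.png" OnError="/* injected */">'),
    (105, '<a href=" JavaScript:void(0)">Contact</a>'),
]

if __name__ == "__main__":
    for row_id, reasons in audit_titles(SAMPLE_ROWS).items():
        print(row_id, "; ".join(reasons))
```

Flagged rows are candidates for manual review, and the edit history of each flagged module is the next thing to pull for the incident timeline.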