CVE-2026-24784 is a medium-severity cross-site scripting (XSS) vulnerability identified in the Dnn.Platform content management system, a widely used open-source CMS within the Microsoft technology stack. The vulnerability exists in versions starting from 9.0.0 up to versions prior to 9.13.10 and 10.2.0. It arises due to improper neutralization of input during web page generation, specifically in the module header and footer areas where content editors can inject scripts. An authenticated content editor with permissions to modify module headers or footers can embed malicious JavaScript code that executes in the context of other users visiting the affected pages. This can lead to the theft of sensitive information such as session tokens or other confidential data accessible via the browser, thereby compromising confidentiality. The vulnerability does not affect integrity or availability directly and does not require user interaction to trigger once the malicious script is loaded. The CVSS v3.1 score is 6.8, reflecting a medium severity with network attack vector, low attack complexity, and requiring high privileges but no user interaction. The scope is changed (S:C) because the vulnerability affects resources beyond the attacker’s privileges by impacting other users. The issue was addressed in versions 9.13.10 and 10.2.0, which sanitize inputs in module headers and footers to prevent script injection. No public exploits have been reported, but the nature of the vulnerability makes it a potential target for attackers aiming to escalate privileges or conduct targeted attacks on organizations using vulnerable Dnn.Platform versions.

For European organizations, this vulnerability poses a risk primarily to confidentiality, as malicious scripts injected by authorized content editors can execute in the browsers of other users, potentially stealing session cookies, credentials, or other sensitive data. Organizations with public-facing Dnn-based portals or intranets where multiple editors have module header/footer editing rights are particularly vulnerable. The impact is amplified in sectors handling sensitive personal or financial data, such as government, healthcare, and finance. Exploitation could lead to unauthorized access to user accounts or data leakage, undermining trust and compliance with GDPR. While the vulnerability does not directly affect system integrity or availability, the resulting data breaches or account compromises could have significant operational and reputational consequences. The requirement for high privileges limits the attack surface but insider threats or compromised editor accounts could be leveraged by attackers. The lack of known exploits suggests limited active targeting currently, but the medium severity and ease of exploitation once access is obtained warrant proactive mitigation.

European organizations should immediately upgrade all Dnn.Platform instances to version 9.13.10 or later (including 10.2.0 or later) to apply the official fix. Until upgrades are completed, restrict module header and footer editing permissions strictly to trusted administrators and content editors with verified credentials. Implement robust access controls and monitor for unusual editing activity in these modules. Employ Content Security Policy (CSP) headers to limit the execution of unauthorized scripts on web pages. Conduct regular audits of CMS content, especially module headers and footers, to detect and remove any injected scripts. Enhance logging and alerting for changes to critical CMS components. Educate content editors about the risks of script injection and enforce strong authentication mechanisms, such as multifactor authentication, to reduce the risk of account compromise. Finally, integrate vulnerability scanning and penetration testing focused on CMS components to identify similar injection flaws proactively.