{"id":"CVE-2025-32371","summary":"Unexpected external content may be displayed in DNN ImageHandler","details":"DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. A URL could be crafted for the DNN ImageHandler that renders text taken from a query string parameter. This text is displayed in the resulting image, and a user who trusts the domain might believe the information is legitimate. This vulnerability is fixed in 9.13.4.","aliases":["GHSA-2rrc-g594-rhqw"],"modified":"2026-04-15T04:49:15.769409Z","published":"2025-04-09T15:14:29.025Z","database_specific":{"cwe_ids":["CWE-451"],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/32xxx/CVE-2025-32371.json","cna_assigner":"GitHub_M"},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/32xxx/CVE-2025-32371.json"},{"type":"ADVISORY","url":"https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-2rrc-g594-rhqw"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-32371"},{"type":"FIX","url":"https://github.com/dnnsoftware/Dnn.Platform/commit/5def7cc2e7931bb1041b21540bde99f96874a5a9"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/dnnsoftware/dnn.platform","events":[{"introduced":"0"},{"fixed":"b53b76ec77cb5c9deacc1de70b56fb1e1ecd73ff"},{"fixed":"5def7cc2e7931bb1041b21540bde99f96874a5a9"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"9.13.4"}]}}],"versions":["v9.1.0","v9.10.0","v9.10.0-rc1","v9.10.1","v9.10.1-rc1","v9.10.2","v9.11.0","v9.11.0-rc4","v9.11.1","v9.11.1-rc1","v9.11.2","v9.11.2-rc1","v9.12.0","v9.12.0-rc1","v9.13.0","v9.13.0-rc1","v9.13.0-rc3","v9.13.1","v9.13.2","v9.13.2-rc1","v9.13.3","v9.3.0-rc0","v9.3.0-rc1","v9.4.0","v9.4.0-rc0","v9.4.0-rc1","v9.4.1","v9.4.1-rc1","v9.4.2","v9.4.2-rc1","v9.4.3","v9.4.3-rc1","v9.4.4","v9.5.0","v9.5.0-rc1","v9.5.0-rc2","v9.6.0","v9.6.0-rc1","v9.6.1","v9.6.2","v9.7.0","v9.7.1","v9.7.2","v9.8.0","v9.8.0-rc1","v9.8.1","v9.8.1-rc1","v9.9.0","v9.9.1","v9.9.1-rc1"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-32371.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"}]}