DNN ImageHandler Query String Injection Vulnerability

Vulnerability

A vulnerability in the DNN (DotNetNuke) ImageHandler allows text injection via a crafted URL query string. The injected text is rendered in an image, potentially misleading users who trust the domain. The issue is present in DNN versions prior to 9.13.4.

Impact

Exploitation of this vulnerability could lead to the injection of misleading text into images, causing users to mistakenly trust the information as legitimate.

Remediation

Users can update to DNN version 9.13.4 or later to address this vulnerability.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 5.2
impact: 0.6
exploitability: 7.2
remediation: 7.7
relevance: 0.0
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.