CVE-2026-24836: DotNetNuke.Core Vulnerable to Stored XSS in Scheduler LogNotes

January 28, 2026

Extensions could write richtext in log notes which can include scripts that would run in the PersonaBar when displayed.

References

github.com/advisories/GHSA-2g5g-hcgh-q3rp
github.com/dnnsoftware/Dnn.Platform
github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-2g5g-hcgh-q3rp
nvd.nist.gov/vuln/detail/CVE-2026-24836

Code Behaviors & Features

Detect and mitigate CVE-2026-24836 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →