User Interface (UI) Misrepresentation of Critical Information

CVE-2025-32371

Medium

4.3/10

Summary

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. In versions through 9.13.3 a url could be crafted to the DNN ImageHandler to render text from a querystring parameter. This text would display in the resulting image and a user that trusts the domain might think that the information is legitimate. This vulnerability is fixed in 9.13.4.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: LOW
Scope: UNCHANGED
User Interaction: REQUIRED
Privileges Required: NONE
Confidentiality Impact: NONE
Availability Impact: NONE

CWE-451 - User Interface (UI) Misrepresentation of Critical Information

The user interface (UI) does not properly represent critical information to the user, allowing the information - or its source - to be obscured or spoofed. This is often a component in phishing attacks.

References

Advisory
Pull request

Advisory Timeline

Published Apr 09, 2025

User Interface (UI) Misrepresentation of Critical Information

CVE-2025-32371

Summary

CWE-451 - User Interface (UI) Misrepresentation of Critical Information

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS