Description
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.2.2, a user could upload a specially crafted SVG file that could include scripts that can target both authenticated and unauthenticated DNN users. The impact is increased if the scripts are run by a power user. Version 10.2.2 patches the issue.
Published: 2026-04-17
Score: 8.1 High
EPSS: 7.6% Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A stored cross‑site scripting vulnerability exists in DNN (DotNetNuke) platform versions prior to 10.2.2. An attacker can upload a specially crafted SVG file that contains malicious scripts. When the file is later rendered to any user—authenticated or not—the browser executes the contained scripts in the context of the viewer’s session. The impact is higher when the victim is a privileged user, because the scripts run with that user’s browser privileges.

Affected Systems

The issue affects installations of DNN Platform (formerly DotNetNuke) by dnnsoftware that are running any version before 10.2.2. Any deployment that has not applied the 10.2.2 patch is vulnerable.

Risk and Exploitability

The CVSS score of 8.1 indicates high severity, and the EPSS score of 8 % suggests a moderate likelihood of exploitation. The vulnerability is not listed in CISA’s KEV catalog. The likely attack vector is uploading a malicious SVG file through the web interface; attackers with access to the upload functionality can embed scripts that later execute for all users who view the file.

Generated by OpenCVE AI on June 18, 2026 at 08:59 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor patch to DNN Platform 10.2.2 or later.
  • Disable or restrict SVG file uploads in the CMS configuration, allowing only safe file types.
  • Sanitize all uploaded files and remove embedded scripts before storing or serving them.

Generated by OpenCVE AI on June 18, 2026 at 08:59 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-ffq7-898w-9jc4 DotNetNuke.Core has stored cross-site-scripting (XSS) via SVG upload
History

Fri, 24 Apr 2026 14:45:00 +0000

Type Values Removed Values Added
First Time appeared Dnnsoftware dotnetnuke
CPEs cpe:2.3:a:dnnsoftware:dotnetnuke:*:*:*:*:*:*:*:*
Vendors & Products Dnnsoftware dotnetnuke

Mon, 20 Apr 2026 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Fri, 17 Apr 2026 22:45:00 +0000

Type Values Removed Values Added
First Time appeared Dnnsoftware
Dnnsoftware dnn Platform
Vendors & Products Dnnsoftware
Dnnsoftware dnn Platform

Fri, 17 Apr 2026 21:30:00 +0000

Type Values Removed Values Added
Description DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.2.2, a user could upload a specially crafted SVG file that could include scripts that can target both authenticated and unauthenticated DNN users. The impact is increased if the scripts are run by a power user. Version 10.2.2 patches the issue.
Title DotNetNuke.Core has stored cross-site-scripting (XSS) via SVG upload
Weaknesses CWE-87
References
Metrics cvssV3_1

{'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H'}

Subscriptions

Dnnsoftware Dnn Platform Dotnetnuke
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-04-22T03:55:44.141Z

Reserved: 2026-04-10T21:41:54.505Z

Link: CVE-2026-40321

cve-icon Vulnrichment

Updated: 2026-04-20T16:00:52.230Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-17T22:16:32.653

Modified: 2026-06-17T10:45:01.550

Link: CVE-2026-40321

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-18T09:00:16Z

Weaknesses
  • CWE-87

    Improper Neutralization of Alternate XSS Syntax