CVE-2026-40321 - Vulnerability Details

- DotNetNuke.Core has stored cross-site-scripting (XSS) via SVG upload

Description

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.2.2, a user could upload a specially crafted SVG file that could include scripts that can target both authenticated and unauthenticated DNN users. The impact is increased if the scripts are run by a power user. Version 10.2.2 patches the issue.

Published: 2026-04-17

Score: 8.1 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

A vulnerability in DNN Platform prior to version 10.2.2 allows an attacker to upload a specially crafted SVG file that may contain malicious scripts. The scripts are stored and later rendered by the platform, enabling cross‑site scripting attacks that affect both authenticated and unauthenticated users. If the victim is a privileged user, the impact extends to higher‑privilege accounts, potentially leading to session hijacking or data theft.

Affected Systems

The issue affects installations of DNN Platform up to but not including version 10.2.2. The affected product is DNN Platform (formerly DotNetNuke) by dnnsoftware. Users of any deployment of the CMS that has not applied the 10.2.2 update are vulnerable.

Risk and Exploitability

The CVSS score of 8.1 indicates high severity. No EPSS score is available, and the vulnerability is not listed in CISA's KEV catalog. The vulnerability can be exploited by uploading a malicious SVG file through the web interface;unauthenticated visitors can trigger the payload via public upload endpoints, while authenticated users can be targeted as well. No special prerequisites beyond access to an upload page are needed, making it readily exploitable for attackers. The likely attack vector is a web‑based file upload.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

dnnsoftware

Dnn.Platform

affected

Version	Status	Constraints
`< 10.2.2`	affected	—

Configuration 1 [-]

cpe:2.3:a:dnnsoftware:dotnetnuke:*:*:*:*:*:*:*:*

No data.

Vendor Product Confidence Versions

Dnnsoftware

Dnn Platform

100%

Version	Status	Scheme	Platform
`[0,10.2.2)`	affected	semver	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Apply the vendor patch to DNN Platform 10.2.2 or later.
Disable or restrict SVG file uploads in the CMS configuration, allowing only safe file types.
Sanitize all uploaded files and remove embedded scripts before storing or serving them.

Generated by OpenCVE AI on April 18, 2026 at 08:54 UTC.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
Github GHSA	GHSA-ffq7-898w-9jc4	DotNetNuke.Core has stored cross-site-scripting (XSS) via SVG upload

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00043.

Exploitation none

Automatable no

Technical Impact total

References

Link	Providers
https://github.com/dnnsoftware/Dnn.Platform/releases/tag/v10.2.2
https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-ffq7-898w-9jc4

History

Fri, 24 Apr 2026 14:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Dnnsoftware dotnetnuke
CPEs		cpe:2.3:a:dnnsoftware:dotnetnuke::::::::
Vendors & Products		Dnnsoftware dotnetnuke

Mon, 20 Apr 2026 16:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Fri, 17 Apr 2026 22:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Dnnsoftware Dnnsoftware dnn Platform
Vendors & Products		Dnnsoftware Dnnsoftware dnn Platform

Fri, 17 Apr 2026 21:30:00 +0000

Type	Values Removed	Values Added
Description		DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.2.2, a user could upload a specially crafted SVG file that could include scripts that can target both authenticated and unauthenticated DNN users. The impact is increased if the scripts are run by a power user. Version 10.2.2 patches the issue.
Title		DotNetNuke.Core has stored cross-site-scripting (XSS) via SVG upload
Weaknesses		CWE-87
References		https://github.com/dnnsoftware/Dnn.Platform/releases/tag/v10.2.2 https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-ffq7-898w-9jc4
Metrics		cvssV3_1 `{'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H'}`

Subscriptions

Dnnsoftware Dnn Platform Dotnetnuke

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2026-04-17T21:10:33.192Z

Updated: 2026-04-22T03:55:44.141Z

Reserved: 2026-04-10T21:41:54.505Z

Link: CVE-2026-40321

Vulnrichment

Updated: 2026-04-20T16:00:52.230Z

NVD

Status : Analyzed

Published: 2026-04-17T22:16:32.653

Modified: 2026-04-24T14:41:30.220

Link: CVE-2026-40321

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T09:00:05Z

Weaknesses

CWE-87

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Exploitation none

Automatable no

Technical Impact total

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object