ghsa-hmvq-8p83-cq52
Vulnerability from github
Published: 2025-10-29 21:47
Modified: 2025-10-29 21:47
Summary
DNN vulnerable to stored cross-site-scripting (XSS) via SVG upload
Details
Summary
Sanitization of the content of uploaded SVG files was not covering all possible XSS scenarios.
Details
DNN validates the contents of uploaded SVGs to ensure they are well-formed and do not contain malicious code. These checks were introduced as part of CVE-2025-48378.
However, the checks that are meant to ensure there are no script elements within the SVG files are not comprehensive and may allow some malicious SVG files to be uploaded.
Because this vulnerability allows arbitrary JavaScript to execute in the context of the user's browser, it can lead to a range of attacks, including data exfiltration, session hijacking, and defacement of the web application.
{
  "affected": [
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "DotNetNuke.Core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "10.1.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-64094"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-10-29T21:47:49Z",
    "nvd_published_at": "2025-10-28T22:15:38Z",
    "severity": "MODERATE"
  },
  "details": "### Summary\nSanitization of the content of uploaded SVG files was not covering all possible XSS scenarios.\n\n### Details\nDNN validates the contents of SVG\u0027s to ensure they are valid and do not contain any malicious code. These checks were introduced as part of `CVE-2025-48378`.\n\nHowever, the checks to ensure there are no script elements within the SVG files are not comprehensive and may allow some malicious SVG files to be uploaded.\n\nAs this vulnerability allows for the execution of arbitrary JavaScript code within the context of the user\u0027s browser, it can lead to a range of attacks, including data exfiltration, session hijacking, and defacement of the web application to name a few.",
  "id": "GHSA-hmvq-8p83-cq52",
  "modified": "2025-10-29T21:47:49Z",
  "published": "2025-10-29T21:47:49Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-hmvq-8p83-cq52"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64094"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/dnnsoftware/Dnn.Platform"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "DNN vulnerable to stored cross-site-scripting (XSS) via SVG upload"
}