DNN Unauthenticated File Upload Vulnerability Allowing Content Overwrite and XSS Injection

Vulnerability

A vulnerability in DNN (formerly DotNetNuke) prior to version 10.1.1 allows unauthenticated file uploads through the default HTML editor provider. Uploaded images can overwrite existing files, leading to website defacement. Additionally, this issue could be exploited to inject cross-site scripting (XSS) payloads. The vulnerability arises from insufficient access control in the file upload process.

Impact

Exploitation of this vulnerability allows for unauthorized file uploads, overwriting of existing files, website defacement, and injection of cross-site scripting (XSS) payloads.

Remediation

Users can upgrade to DNN version 10.1.1 or later to address this vulnerability.

Added: Oct 28, 2025, 10:17 PM
Updated: Oct 28, 2025, 10:17 PM

Vulnerability Rating

Custom Algorithm
spread: 5.2
impact: 3.5
exploitability: 8.3
remediation: 7.7
relevance: 0.8
threat: 0.4
urgency: 2.9
incentive: 10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.