Primary

Context

DNN Stored Cross-Site Scripting Vulnerability via SVG Upload

Vulnerability

Patched

A stored cross-site scripting vulnerability has been identified in DNN (formerly DotNetNuke) versions prior to 10.2.2. This issue allows users to upload specially crafted SVG files containing scripts that can execute and target both authenticated and unauthenticated DNN users. The risk is heightened if the scripts are executed by a power user.

Impact

Exploitation of this vulnerability allows for stored cross-site scripting, where uploaded SVG files with embedded scripts are executed in the context of the user.

Remediation

Users can upgrade to DNN version 10.2.2, which addresses this vulnerability. Instructions for upgrading DNN can be found in the DNN documentation.

Added: Apr 17, 2026, 10:30 PM

Updated: Apr 17, 2026, 10:30 PM

Vulnerability Rating

Custom Algorithm

spread

5.2

impact

1.7

exploitability

5.2

remediation

7.7

relevance

6.1

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.2

impact

1.7

exploitability

5.2

remediation

7.7

relevance

6.1

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

DNN Stored Cross-Site Scripting Vulnerability via SVG Upload

Vulnerability

Impact

Remediation

Affected Products

DNN

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating