GHSA-HMVQ-8P83-CQ52

Vulnerability from github – Published: 2025-10-29 21:47 – Updated: 2025-10-29 21:47
VLAI?
Summary
DNN vulnerable to stored cross-site-scripting (XSS) via SVG upload
Details

Summary

Sanitization of the content of uploaded SVG files was not covering all possible XSS scenarios.

Details

DNN validates the contents of SVG's to ensure they are valid and do not contain any malicious code. These checks were introduced as part of CVE-2025-48378.

However, the checks to ensure there are no script elements within the SVG files are not comprehensive and may allow some malicious SVG files to be uploaded.

As this vulnerability allows for the execution of arbitrary JavaScript code within the context of the user's browser, it can lead to a range of attacks, including data exfiltration, session hijacking, and defacement of the web application to name a few.

Severity ?
6.4 (Medium)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Show details on source website
To clipboard 

{
  "affected": [
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "DotNetNuke.Core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "10.1.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-64094"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-10-29T21:47:49Z",
    "nvd_published_at": "2025-10-28T22:15:38Z",
    "severity": "MODERATE"
  },
  "details": "### Summary\nSanitization of the content of uploaded SVG files was not covering all possible XSS scenarios.\n\n### Details\nDNN validates the contents of SVG\u0027s to ensure they are valid and do not contain any malicious code. These checks were introduced as part of `CVE-2025-48378`.\n\nHowever, the checks to ensure there are no script elements within the SVG files are not comprehensive and may allow some malicious SVG files to be uploaded.\n\nAs this vulnerability allows for the execution of arbitrary JavaScript code within the context of the user\u0027s browser, it can lead to a range of attacks, including data exfiltration, session hijacking, and defacement of the web application to name a few.",
  "id": "GHSA-hmvq-8p83-cq52",
  "modified": "2025-10-29T21:47:49Z",
  "published": "2025-10-29T21:47:49Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-hmvq-8p83-cq52"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64094"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/dnnsoftware/Dnn.Platform"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "DNN vulnerable to stored cross-site-scripting (XSS) via SVG upload"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.