{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-40321", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-04-10T21:41:54.505Z", "datePublished": "2026-04-17T21:10:33.192Z", "dateUpdated": "2026-04-22T03:55:44.141Z"}, "containers": {"cna": {"title": "DotNetNuke.Core has stored cross-site-scripting (XSS) via SVG upload", "problemTypes": [{"descriptions": [{"cweId": "CWE-87", "lang": "en", "description": "CWE-87: Improper Neutralization of Alternate XSS Syntax", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-ffq7-898w-9jc4", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-ffq7-898w-9jc4"}, {"name": "https://github.com/dnnsoftware/Dnn.Platform/releases/tag/v10.2.2", "tags": ["x_refsource_MISC"], "url": "https://github.com/dnnsoftware/Dnn.Platform/releases/tag/v10.2.2"}], "affected": [{"vendor": "dnnsoftware", "product": "Dnn.Platform", "versions": [{"version": "< 10.2.2", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-17T21:10:33.192Z"}, "descriptions": [{"lang": "en", "value": "DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.2.2, a user could upload a specially crafted SVG file that could include scripts that can target both authenticated and unauthenticated DNN users. The impact is increased if the scripts are run by a power user. Version 10.2.2 patches the issue."}], "source": {"advisory": "GHSA-ffq7-898w-9jc4", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-21T00:00:00+00:00", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2026-40321"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-22T03:55:44.141Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-40321", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-20T16:00:34.936732Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-20T16:00:52.230Z"}}], "cna": {"title": "DotNetNuke.Core has stored cross-site-scripting (XSS) via SVG upload", "source": {"advisory": "GHSA-ffq7-898w-9jc4", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "dnnsoftware", "product": "Dnn.Platform", "versions": [{"status": "affected", "version": "< 10.2.2"}]}], "references": [{"url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-ffq7-898w-9jc4", "name": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-ffq7-898w-9jc4", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/dnnsoftware/Dnn.Platform/releases/tag/v10.2.2", "name": "https://github.com/dnnsoftware/Dnn.Platform/releases/tag/v10.2.2", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.2.2, a user could upload a specially crafted SVG file that could include scripts that can target both authenticated and unauthenticated DNN users. The impact is increased if the scripts are run by a power user. Version 10.2.2 patches the issue."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-87", "description": "CWE-87: Improper Neutralization of Alternate XSS Syntax"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-17T21:10:33.192Z"}}}, "cveMetadata": {"cveId": "CVE-2026-40321", "state": "PUBLISHED", "dateUpdated": "2026-04-22T03:55:44.141Z", "dateReserved": "2026-04-10T21:41:54.505Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-04-17T21:10:33.192Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:dnnsoftware:dotnetnuke:*:*:*:*:*:*:*:*", "matchCriteriaId": "F61D2C37-099C-42FD-8187-C72542905CC8", "versionEndExcluding": "10.2.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.2.2, a user could upload a specially crafted SVG file that could include scripts that can target both authenticated and unauthenticated DNN users. The impact is increased if the scripts are run by a power user. Version 10.2.2 patches the issue."}], "id": "CVE-2026-40321", "lastModified": "2026-04-24T14:41:30.220", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.3, "impactScore": 6.0, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-04-17T22:16:32.653", "references": [{"source": "security-advisories@github.com", "tags": ["Release Notes"], "url": "https://github.com/dnnsoftware/Dnn.Platform/releases/tag/v10.2.2"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-ffq7-898w-9jc4"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-87"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,10.2.2)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Dnn.Platform", "source": "cna", "vendor": "dnnsoftware"}, "product": "dnn_platform", "vendor": "dnnsoftware"}], "analysis": {"en": {"generated_at": "2026-04-18T08:54:58.633930+00:00", "value": {"mitigation_remediation": ["Apply the vendor patch to DNN Platform 10.2.2 or later.", "Disable or restrict SVG file uploads in the CMS configuration, allowing only safe file types.", "Sanitize all uploaded files and remove embedded scripts before storing or serving them."], "summary": {"action": "Patch promptly", "impact": "Cross\u2011Site Scripting (XSS) via stored SVG upload"}, "threat_synthesis": {"affected_systems": "The issue affects installations of DNN Platform up to but not including version 10.2.2. The affected product is DNN Platform (formerly DotNetNuke) by dnnsoftware. Users of any deployment of the CMS that has not applied the 10.2.2 update are vulnerable.", "description_and_impact": "A vulnerability in DNN Platform prior to version 10.2.2 allows an attacker to upload a specially crafted SVG file that may contain malicious scripts. The scripts are stored and later rendered by the platform, enabling cross\u2011site scripting attacks that affect both authenticated and unauthenticated users. If the victim is a privileged user, the impact extends to higher\u2011privilege accounts, potentially leading to session hijacking or data theft.", "risk_and_exploitability": "The CVSS score of 8.1 indicates high severity. No EPSS score is available, and the vulnerability is not listed in CISA's KEV catalog. The vulnerability can be exploited by uploading a malicious SVG file through the web interface;unauthenticated visitors can trigger the payload via public upload endpoints, while authenticated users can be targeted as well. No special prerequisites beyond access to an upload page are needed, making it readily exploitable for attackers. The likely attack vector is a web\u2011based file upload."}}}}, "created": "2026-04-17T22:30:29.500401+00:00", "updated": "2026-04-18T09:00:05.899188+00:00", "vendors": ["dnnsoftware", "dnnsoftware$PRODUCT$dnn_platform"]}