Launch Week Day 1: Announcing Security Design Review

DNN allows Stored Cross-Site Scripting (XSS) with svg files rendered inline

GHSA-m4hf-fxcg-cp34 · CVE-2025-48378

Published May 23, 2025 · Modified May 23, 2025

Description

Uploaded SVG files could contain scripts and if rendered inline those scripts could run allowing XSS attacks.

References

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes