CVE-2025-48378

May 23, 2025 invoker category_cve

CVE Details

Basic Information

Title CVE-2025-48378
Type cve
Published 2025-05-23T16:15:27
Last Seen 2025-05-23T16:29:36

CVSS Information

Base Score 0.0 ()
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact

AI Analysis

AI Description This vulnerability allows cross-site scripting (XSS) in DNN (DotNetNuke) due to improper validation of uploaded SVG files. Attackers could execute scripts in a user’s browser, potentially stealing session data or performing unauthorized actions.
AI Severity Medium
Vendor DNN Corporation
Product DNN (DotNetNuke)
Affected Version versions prior to 9.13.9

Additional Information

CVE List CVE-2025-48378
CWE List CWE-79
Bulletin Family cve

Description

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 9.13.9, uploaded SVG files could contain scripts and if rendered inline those…

CVSS Score Summary

Base Score: %!f(string=#) ()

View Full CVE Details

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.