Microsoft
CVE-2026-40321
HIGH
Severity by source
AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
Lifecycle Timeline
6DescriptionGitHub Advisory
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.2.2, a user could upload a specially crafted SVG file that could include scripts that can target both authenticated and unauthenticated DNN users. The impact is increased if the scripts are run by a power user. Version 10.2.2 patches the issue.
AnalysisAI
Stored cross-site scripting (XSS) via malicious SVG file upload in DNN Platform (DotNetNuke) versions before 10.2.2 allows low-privileged authenticated users to execute arbitrary JavaScript in the context of other users' browsers. Attackers can craft SVG files containing embedded scripts that execute when viewed by victims, with elevated impact if targeting administrative users. EPSS data not provided; no CISA KEV listing indicates no confirmed widespread exploitation at time of analysis. CVSS 8.1 (High) reflects the scope change and high confidentiality/integrity impact despite requiring both authentication and user interaction.
Technical ContextAI
DNN Platform (formerly DotNetNuke) is an ASP.NET-based open-source content management system in the Microsoft ecosystem. The vulnerability stems from CWE-87 (Improper Neutralization of Alternate XSS Syntax), indicating insufficient sanitization of SVG file uploads. SVG files are XML-based and can contain script elements, style-based JavaScript, or event handlers that execute in the browser when rendered. The platform's file upload mechanism fails to strip or sandbox these executable elements before storage. Affected product identified as cpe:2.3:a:dnnsoftware:dnn.platform versions prior to 10.2.2. This is a stored XSS variant where the malicious payload persists on the server and executes whenever users access the uploaded SVG resource, as opposed to reflected XSS requiring per-victim delivery.
RemediationAI
Upgrade to DNN Platform version 10.2.2 or later, which patches the SVG file upload sanitization issue. Release available at https://github.com/dnnsoftware/Dnn.Platform/releases/tag/v10.2.2 with vendor advisory at https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-ffq7-898w-9jc4. If immediate patching is not feasible, implement compensating controls: disable SVG file uploads through file upload extension restrictions in DNN admin settings (impacts legitimate SVG usage for graphics); restrict file upload permissions to highly trusted users only (reduces attack surface but limits platform functionality); implement Content Security Policy headers with script-src directives to block inline script execution (may break legitimate DNN features relying on inline scripts). For high-risk environments, consider serving uploaded files from a separate domain with restrictive CSP to prevent credential access (requires infrastructure changes and URL rewriting). Each mitigation trades security against functionality-patching to 10.2.2 is the only complete solution without operational impact.
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
GHSA-ffq7-898w-9jc4