{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/dotnetnuke/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":8,"id":"CVE-2026-40321"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["dnn","dotnetnuke","svg","xss","cve-2026-40321","upload"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eDNN (formerly DotNetNuke) is an open-source web content management system (CMS) built on the .NET framework. Prior to version 10.2.2, a stored cross-site scripting (XSS) vulnerability exists due to insufficient sanitization of SVG files. Attackers can exploit CVE-2026-40321 by uploading a crafted SVG file containing malicious JavaScript. This script can then be executed in the context of other users, including administrators, upon accessing the uploaded SVG. Successful exploitation could lead to session hijacking, account takeover, and potentially arbitrary code execution on the server. Version 10.2.2 addresses this vulnerability by implementing proper sanitization of SVG uploads. The vulnerability affects both authenticated and unauthenticated users, increasing the attack surface.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker identifies a DNN instance running a version prior to 10.2.2.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious SVG file containing embedded JavaScript code designed to perform actions such as stealing cookies or redirecting users.\u003c/li\u003e\n\u003cli\u003eThe attacker uploads the malicious SVG file to the DNN instance, potentially through a media library or profile picture upload feature.\u003c/li\u003e\n\u003cli\u003eA user (either authenticated or unauthenticated) views the page or element where the malicious SVG is displayed.\u003c/li\u003e\n\u003cli\u003eThe user\u0026rsquo;s browser executes the embedded JavaScript code within the SVG file.\u003c/li\u003e\n\u003cli\u003eThe malicious script steals the user\u0026rsquo;s session cookie or redirects them to a phishing page.\u003c/li\u003e\n\u003cli\u003eIf the compromised user has administrative privileges, the attacker uses the stolen cookie to access the DNN administration panel.\u003c/li\u003e\n\u003cli\u003eThe attacker leverages their administrative access to inject malicious code into the DNN website or install a backdoor for persistent access.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability (CVE-2026-40321) can lead to a range of negative consequences. Attackers can hijack user sessions, potentially gaining unauthorized access to sensitive data and administrative functions. An attacker can deface the website, inject malware, or steal sensitive information. Because DNN is often used in enterprise environments, this could lead to significant data breaches and reputational damage. The number of affected installations is potentially high, given the widespread use of DNN.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade DNN installations to version 10.2.2 or later to patch CVE-2026-40321, as recommended by the vendor.\u003c/li\u003e\n\u003cli\u003eImplement the \u0026ldquo;Detect Suspicious SVG Uploads\u0026rdquo; Sigma rule to identify attempts to upload SVG files containing potentially malicious script content.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for HTTP requests with the \u0026ldquo;.svg\u0026rdquo; extension and inspect the request body for suspicious JavaScript patterns to proactively detect malicious SVG uploads using the \u0026ldquo;Web Server Suspicious SVG Upload\u0026rdquo; Sigma rule.\u003c/li\u003e\n\u003cli\u003eImplement strict input validation and sanitization measures for all file uploads, especially SVG files, to prevent the injection of malicious code.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-18T12:00:00Z","date_published":"2026-04-18T12:00:00Z","id":"/briefs/2026-04-dnn-svg-upload/","summary":"DNN (formerly DotNetNuke) before 10.2.2 is vulnerable to stored cross-site scripting (XSS) via malicious SVG file uploads, potentially leading to account takeover and arbitrary code execution.","title":"DNN (DotNetNuke) SVG Upload Vulnerability (CVE-2026-40321)","url":"https://feed.craftedsignal.io/briefs/2026-04-dnn-svg-upload/"},{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["dotnetnuke","xss","svg","web-application"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eDotNetNuke.Core versions prior to 10.2.2 are vulnerable to stored cross-site scripting (XSS). An attacker can exploit this vulnerability by uploading a malicious SVG file to the DotNetNuke server. This file contains embedded JavaScript that executes when the SVG is processed and displayed by the application. Successful exploitation requires a user to interact with the uploaded SVG file, which then triggers the malicious script execution. This poses a significant risk as the injected scripts can target both authenticated and unauthenticated users, potentially leading to session hijacking, data theft, or unauthorized actions performed on behalf of the victim. This vulnerability was published on April 10, 2026, and patched in version 10.2.2.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker crafts a malicious SVG file containing embedded JavaScript code designed for XSS exploitation.\u003c/li\u003e\n\u003cli\u003eThe attacker, with low privileges, uploads the malicious SVG file to the DotNetNuke server through a file upload functionality.\u003c/li\u003e\n\u003cli\u003eThe server stores the SVG file, making it accessible to other users.\u003c/li\u003e\n\u003cli\u003eA user (either authenticated or unauthenticated) navigates to the location where the SVG file is stored or displayed.\u003c/li\u003e\n\u003cli\u003eThe user\u0026rsquo;s browser processes the SVG file, triggering the execution of the embedded JavaScript.\u003c/li\u003e\n\u003cli\u003eThe malicious script executes within the user\u0026rsquo;s browser session, gaining access to cookies, session tokens, and other sensitive information.\u003c/li\u003e\n\u003cli\u003eThe attacker steals user\u0026rsquo;s cookies and session tokens.\u003c/li\u003e\n\u003cli\u003eThe attacker uses stolen session tokens to hijack the user\u0026rsquo;s session, perform unauthorized actions, and potentially escalate privileges.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this XSS vulnerability allows an attacker to execute arbitrary JavaScript code within the context of a user\u0026rsquo;s session. This can lead to sensitive information disclosure, such as stealing user credentials or session cookies. An attacker can then hijack user sessions, perform unauthorized actions on their behalf, and potentially gain elevated privileges within the DotNetNuke application. Due to the nature of stored XSS, the impact can be widespread, affecting any user who interacts with the malicious SVG file until the vulnerability is patched.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade DotNetNuke.Core to version 10.2.2 or later to patch the XSS vulnerability (reference: Affected versions).\u003c/li\u003e\n\u003cli\u003eImplement server-side validation to sanitize uploaded SVG files and prevent the injection of malicious scripts (reference: Description).\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule provided below to detect attempts to upload SVG files containing JavaScript code (reference: Sigma rule \u0026ldquo;Detect SVG Upload with Embedded JavaScript\u0026rdquo;).\u003c/li\u003e\n\u003cli\u003eConfigure web application firewalls (WAFs) to inspect and block suspicious SVG uploads based on content analysis (reference: Description).\u003c/li\u003e\n\u003cli\u003eEnable logging for file uploads to track potential malicious activity (reference: logsource category \u0026ldquo;file_event\u0026rdquo;).\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-11T12:00:00Z","date_published":"2026-04-11T12:00:00Z","id":"/briefs/2026-04-dotnetnuke-xss/","summary":"DotNetNuke.Core is vulnerable to stored cross-site scripting (XSS) where a user can upload a specially crafted SVG file containing malicious scripts, potentially targeting both authenticated and unauthenticated DNN users, with successful exploitation requiring user interaction and leading to high impact on confidentiality, integrity, and availability.","title":"DotNetNuke.Core Stored XSS via SVG Upload","url":"https://feed.craftedsignal.io/briefs/2026-04-dotnetnuke-xss/"}],"language":"en","title":"CraftedSignal Threat Feed — Dotnetnuke","version":"https://jsonfeed.org/version/1.1"}