Cross-Site Scripting Vulnerability in DNN CMS Prior to Version 9.13.9
CVE-2025-48378

6.1MEDIUM

Key Information:

Vendor

Dnnsoftware

Status
Dnn.platform
Vendor
CVE Published:
23 May 2025

What is CVE-2025-48378?

DNN, an open-source web content management platform, had a vulnerability that allowed uploaded SVG files to potentially carry executable scripts. If these files were rendered inline, they could lead to Cross-Site Scripting (XSS) attacks, compromising user security and data integrity. This issue has been resolved in version 9.13.9, ensuring that SVG file uploads are treated securely.

Affected Version(s)

Dnn.Platform < 9.13.9

References

https://github.com/dnnsoftware/Dnn.Platform/security/advi...
x_refsource_CONFIRM
https://github.com/dnnsoftware/Dnn.Platform/commit/cfed83...
x_refsource_MISC

CVSS V4

Score:
6.1
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.