
CVE-2025-48378: DNN allows Stored Cross-Site Scripting (XSS) with svg files rendered inline

CVSS Score (v4.0): 6.1

Basic Information

EPSS Score: 0.19001%
Published: 5/23/2025
Updated: 5/23/2025
KEV Status: No
Technology: C#

Technical Details

CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Affected package

| Package Name   | Ecosystem | Vulnerable Versions | First Patched Version |
|----------------|-----------|---------------------|-----------------------|
| DotNetNuke.Core | nuget    | < 9.13.9            | 9.13.9                |

Vulnerability Intelligence
Miggo AI Root Cause Analysis

The vulnerability is insufficient sanitization of uploaded SVG files before they are potentially rendered inline in a page. The primary vulnerable function was DotNetNuke.Services.FileSystem.Internal.SecurityCheckers.SvgFileChecker.Validate, which, prior to the patch, relied on the generic PortalSecurity.Instance.ValidateInput filter with the NoScripting flag. A generic input filter of that kind is not robust against the full range of SVG script vectors: <script> elements (especially when written with a namespace prefix, which a filter looking for the literal tag name does not match) and event-handler attributes such as onload or onerror on any element. The patch replaced the filter with a direct XML parse of the file that explicitly rejects any <script> element and any attribute whose name starts with "on". DotNetNuke.Services.FileSystem.Internal.FileSecurityController.Validate is also relevant as the orchestrator that selects and calls the per-type checker, in this case SvgFileChecker. Practitioner caveat: an element/attribute denylist on parsed XML is a clear improvement over a string filter, but it is still a denylist; where uploaded SVG does not need to be served inline, serving it as an image or as an attachment avoids script execution in the site's origin regardless of file content.
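The parser-based check the root cause analysis describes, as an added example that is not DNN's code and does not reproduce the project's SvgFileChecker: it walks the SVG with System.Xml, rejects <script> elements in any namespace (matching on the local name, so both <script> and <svg:script> are caught) and any attribute whose local name starts with "on". It goes beyond what the advisory text describes in two places, both labelled in the code: it also rejects javascript: URLs in href/xlink:href attributes, and it prohibits DTDs so the check cannot be turned into an XXE or entity-expansion problem. The class and method names (SvgUploadChecker, IsSafe, IsJavaScriptUrl) and the sample inputs are illustrative, not DNN's.

```csharp
// Added example, not DotNetNuke code. Names and samples are illustrative.
using System;
using System.IO;
using System.Text;
using System.Xml;

public static class SvgUploadChecker
{
    // Returns true only if the SVG contains no <script> element (any namespace),
    // no attribute whose local name starts with "on", and no javascript: URL in
    // an href/xlink:href attribute. Malformed XML and DTDs are rejected outright:
    // when a file cannot be parsed cleanly, do not guess what a browser would do.
    public static bool IsSafe(string svg)
    {
        var settings = new XmlReaderSettings
        {
            DtdProcessing = DtdProcessing.Prohibit, // beyond the advisory: no entity expansion, no external DTD
            XmlResolver = null,                     // never fetch external resources while validating
            IgnoreComments = true,
        };

        try
        {
            using (var reader = XmlReader.Create(new StringReader(svg), settings))
            {
                while (reader.Read())
                {
                    if (reader.NodeType != XmlNodeType.Element) continue;

                    // LocalName ignores the prefix, so <svg:script> and <script> both match.
                    // Case-insensitive because inline SVG is parsed by the HTML parser, which
                    // treats <SCRIPT> the same as <script>.
                    if (reader.LocalName.Equals("script", StringComparison.OrdinalIgnoreCase))
                        return false;

                    if (!reader.HasAttributes) continue;
                    while (reader.MoveToNextAttribute())
                    {
                        // Event handlers: onload, onerror, onmouseover, ...
                        if (reader.LocalName.StartsWith("on", StringComparison.OrdinalIgnoreCase))
                            return false;

                        // Beyond the advisory: <a href="javascript:..."> executes on click.
                        if (reader.LocalName.Equals("href", StringComparison.OrdinalIgnoreCase)
                            && IsJavaScriptUrl(reader.Value))
                            return false;
                    }
                    reader.MoveToElement();
                }
            }
        }
        catch (XmlException)
        {
            return false; // not well-formed (or contains a DTD): reject
        }
        return true;
    }

    // Browsers strip ASCII whitespace/control characters when parsing a URL scheme,
    // so "java\tscript:" still runs. Strip anything <= ' ' before comparing.
    private static bool IsJavaScriptUrl(string value)
    {
        var sb = new StringBuilder(value.Length);
        foreach (var c in value) if (c > ' ') sb.Append(c);
        return sb.ToString().StartsWith("javascript:", StringComparison.OrdinalIgnoreCase);
    }

    // Constructed samples (not taken from the advisory), one per vector discussed above.
    public static void Main()
    {
        var samples = new (string Name, string Svg)[]
        {
            ("benign circle",      "<svg xmlns='http://www.w3.org/2000/svg'><circle r='5'/></svg>"),
            ("plain script",       "<svg xmlns='http://www.w3.org/2000/svg'><script>alert(1)</script></svg>"),
            ("namespaced script",  "<svg:svg xmlns:svg='http://www.w3.org/2000/svg'><svg:script>alert(1)</svg:script></svg:svg>"),
            ("onload handler",     "<svg xmlns='http://www.w3.org/2000/svg' onload='alert(1)'/>"),
            ("onerror on image",   "<svg xmlns='http://www.w3.org/2000/svg'><image href='x' onerror='alert(1)'/></svg>"),
            ("javascript: href",   "<svg xmlns='http://www.w3.org/2000/svg' xmlns:xlink='http://www.w3.org/1999/xlink'><a xlink:href='java&#9;script:alert(1)'><text>x</text></a></svg>"),
            ("external DTD",       "<!DOCTYPE svg SYSTEM 'http://example.invalid/x.dtd'><svg xmlns='http://www.w3.org/2000/svg'/>"),
        };
        foreach (var s in samples)
            Console.WriteLine($"{s.Name,-18} safe={IsSafe(s.Svg)}");
    }
}
```

Only the benign sample is accepted; the javascript: sample uses a tab entity (&#9;) inside the scheme precisely because a naive prefix comparison on the raw attribute value would let it through. The check is still a denylist (it says nothing about <foreignObject> carrying HTML, or <style> content), which is why the caveat above prefers not rendering untrusted SVG inline at all.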


WAF Protection Rules

WAF Rule

Uploaded SVG files could contain scripts and if rendered inline those scripts could run allowing XSS attacks.
