Vulnerability Database

309,364

Total vulnerabilities in the database

CVE-2025-48378

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 9.13.9, uploaded SVG files could contain scripts and if rendered inline those scripts could run allowing XSS attacks. Version 9.13.9 fixes the issue.

Published: May 23, 2025
Updated: Nov 24, 2025
CVE: CVE-2025-48378
GHSA: GHSA-m4hf-fxcg-cp34
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.4
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
DotNetNuke.Core	-	9.13.9
dnnsoftware / dotnetnuke	-	9.13.9

https://github.com/dnnsoftware/Dnn.Platform/commit/cfed83c291d5e5072b2fa70924a8b7c35b1cdf9e
https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-m4hf-fxcg-cp34

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo