CVE-2025-48378

Name of the Vulnerable Software and Affected Versions DNN (formerly DotNetNuke) versions prior to 9.13.9

Description The issue concerns the DNN (formerly DotNetNuke) open-source web content management platform, which is part of the Microsoft ecosystem. In affected versions, uploaded SVG files could contain scripts. If these SVG files are rendered inline, the scripts could run, allowing cross-site scripting (XSS) attacks.

Recommendations For versions prior to 9.13.9, update to version 9.13.9 to resolve the issue. As a temporary workaround, consider restricting the upload of SVG files or disabling the rendering of SVG files inline until the update can be applied.