High-Severity XSS in DNN CMS Demands Immediate Patching

The National Vulnerability Database has disclosed CVE-2026-40321, a high-severity cross-site scripting (XSS) vulnerability affecting DNN (formerly DotNetNuke) web content management systems prior to version 10.2.2. The flaw allows an attacker to upload a specially crafted SVG file containing malicious script; when the file is rendered by a browser, that script runs against both authenticated and unauthenticated users who access the DNN instance.

The impact of this vulnerability, rated with a CVSS score of 8 (HIGH), escalates significantly if the malicious script is executed in the session of a power user. The National Vulnerability Database attributes it to CWE-87, highlighting improper neutralization of input during web page generation. This is not theoretical: SVG is an XML document format that can carry script elements and event-handler attributes, yet it is often treated as a harmless image and overlooked as an attack vector, making it a prime candidate for client-side compromise.

Defenders running DNN must prioritize patching to version 10.2.2 immediately. Leaving it unpatched exposes your users, especially those with elevated privileges, to client-side attacks that can lead to session hijacking, data exfiltration, or further compromise of the web application.

What This Means For You

  • If your organization uses DNN (DotNetNuke) CMS, verify your installed version immediately and patch to version 10.2.2 or later to mitigate CVE-2026-40321. Audit your web server logs for suspicious SVG file uploads and for unusual client-side activity, especially around user sessions.
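As a concrete aid to the audit step above, the following script is an added example written for this advisory; it is not DNN's code or the original author's. It walks an uploads directory (assumed to be DNN's portal file store; the path and the sample SVG files are constructed for illustration) and flags SVG files that carry active content: script elements, foreignObject (which can embed HTML), event-handler attributes, javascript: links, and DOCTYPE declarations. The list of constructs is deliberately conservative and not exhaustive; it is a triage tool for finding already-uploaded files, not a substitute for upgrading.

```python
"""Audit an uploads directory for SVG files that carry active content.

Added example for this advisory (not DNN's code). Standard library only; the
sample SVG documents below are constructed test data, not real payloads.
"""
import os
import re
import tempfile
import xml.etree.ElementTree as ET

# Elements that execute script or embed arbitrary HTML when the SVG is rendered inline.
ACTIVE_ELEMENTS = {"script", "foreignobject"}
# URL schemes in href attributes that run code instead of loading a resource.
RISKY_SCHEME = re.compile(r"^\s*(javascript|vbscript)\s*:", re.IGNORECASE)
DOCTYPE = re.compile(rb"<!DOCTYPE", re.IGNORECASE)

# Constructed samples: one plain icon, one carrying the constructs we look for.
BENIGN_SVG = (
    b'<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 10 10">'
    b'<circle cx="5" cy="5" r="4" fill="teal"/></svg>'
)
SUSPECT_SVG = (
    b'<svg xmlns="http://www.w3.org/2000/svg" '
    b'xmlns:xlink="http://www.w3.org/1999/xlink" onload="/* constructed marker */">'
    b'<script>/* constructed marker */</script>'
    b'<a xlink:href="javascript:void(0)"><text y="10">x</text></a></svg>'
)


def _local(qualified: str) -> str:
    """Strip an XML namespace prefix ({uri}name -> name) and lowercase it."""
    return qualified.rsplit("}", 1)[-1].lower()


def svg_findings(data: bytes) -> list[str]:
    """Return a list of findings for one SVG document; empty means nothing flagged."""
    findings = []
    # A DOCTYPE has no business in an uploaded icon and enables entity tricks.
    if DOCTYPE.search(data):
        findings.append("DOCTYPE declaration (entity expansion risk)")
    try:
        root = ET.fromstring(data)
    except ET.ParseError as exc:
        # Unparseable input should be rejected rather than trusted.
        return findings + [f"unparseable XML: {exc}"]
    for el in root.iter():
        tag = _local(el.tag)
        if tag in ACTIVE_ELEMENTS:
            findings.append(f"<{tag}> element")
        for attr, value in el.attrib.items():
            name = _local(attr)
            if name.startswith("on"):
                findings.append(f"<{tag}> event handler attribute {name}")
            elif name == "href" and RISKY_SCHEME.match(value):
                scheme = value.split(":", 1)[0].strip().lower()
                findings.append(f"<{tag}> href uses scheme {scheme}:")
    return findings


def scan_directory(root_dir: str) -> dict[str, list[str]]:
    """Map each flagged .svg file (path relative to root_dir) to its findings."""
    flagged = {}
    for dirpath, _dirs, files in os.walk(root_dir):
        for name in files:
            if not name.lower().endswith(".svg"):
                continue
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                findings = svg_findings(fh.read())
            if findings:
                flagged[os.path.relpath(path, root_dir)] = findings
    return flagged


def demo() -> dict[str, list[str]]:
    """Write the constructed samples to a temporary 'uploads' folder and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        samples = (("logo.svg", BENIGN_SVG), ("banner.svg", SUSPECT_SVG), ("notes.txt", b"ignored"))
        for name, data in samples:
            with open(os.path.join(tmp, name), "wb") as fh:
                fh.write(data)
        return scan_directory(tmp)


if __name__ == "__main__":
    for path, findings in demo().items():
        print(path)
        for finding in findings:
            print("  -", finding)
```

Run it against the real upload root (for DNN, the portal file store) by replacing the temporary directory in demo() with that path. Any file it flags deserves a look at who uploaded it and when; a clean scan only says no already-uploaded file matches these patterns, so the upgrade to 10.2.2 remains the fix.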

Related ATT&CK Techniques

  • T1190 Exploit Public-Facing Application (Initial Access): severity high

Indicators of Compromise

  ID              Type  Indicator
  CVE-2026-40321  XSS   DNN (DotNetNuke) prior to version 10.2.2
  CVE-2026-40321  XSS   Specially crafted SVG file upload

Source & Attribution

  Source Platform: NVD
  Channel: National Vulnerability Database
  Published: April 18, 2026 at 01:16 UTC

This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.
