CVE-2025-48378

Description

DNN allows Stored Cross-Site Scripting (XSS) with svg files rendered inline

Predictions

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.

References

• https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-m4hf-fxcg-cp34
• https://nvd.nist.gov/vuln/detail/CVE-2025-48378
• https://github.com/dnnsoftware/Dnn.Platform/commit/cfed83c291d5e5072b2fa70924a8b7c35b1cdf9e
• https://github.com/dnnsoftware/Dnn.Platform