DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to 10.1.1, the default HTML editor provider allows unauthenticated file uploads and images can overwrite existing files. An unauthenticated user can upload and replace existing files allowing defacing a website and combined with other issue, injection XSS payloads. This vulnerability is fixed in 10.1.1.
The default HTML editor provider in DNN prior to version 10.1.1 does not require authentication for file uploads. An attacker can upload any file and overwrite existing resources on the server. Using this capability, an attacker can replace page content (defacement) or, in combination with other vulnerabilities, inject malicious XSS payloads into pages served to users.
An attacker can deface a website by overwriting existing files and, in combination with other vulnerabilities, execute an XSS attack on users visiting the service. The vulnerability may also serve as an entry point for further system compromise.
Update DNN to version 10.1.1 or later, where the vulnerability has been fixed. Details are available in the vendor references: https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-3m8r-w7xg-jqvw
DNN (DotNetNuke) in all versions before 10.1.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:HDnnsoftware Dotnetnuke
APPDnnsoftware< 10.1.1
Related vulnerabilities
DNN/DotNetNuke: XSS w tytule modułu umożliwia wykonanie skryptów
XSS w module Prompt platformy DNN (DotNetNuke) — wykonanie skryptu
The installation wizard in DotNetNuke (DNN) before 7.4.1 allows remote attackers to reinstall the application ...
DNN (aka DotNetNuke) 9.2 through 9.2.1 uses a weak encryption algorithm to protect input parameters.
DNN (aka DotNetNuke) 9.2 through 9.2.2 uses a weak encryption algorithm to protect input parameters. NOTE: thi...