CVE-2022-47053: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

April 12, 2023 (updated April 19, 2023)

An arbitrary file upload vulnerability in the Digital Assets Manager module of DNN Corp DotNetNuke v7.0.0 to v9.10.2 allows attackers to execute arbitrary code via a crafted SVG file.

References

nvd.nist.gov/vuln/detail/CVE-2022-47053
www.dnnsoftware.com/community/security/security-center
www.dnnsoftware.com/community/security/security-center

Code Behaviors & Features

Detect and mitigate CVE-2022-47053 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →