CVE-2022-47053

Опубликовано: 12 апр. 2023

Источник: nvd

CVSS3: 5.4

EPSS Низкий

Описание

An arbitrary file upload vulnerability in the Digital Assets Manager module of DNN Corp DotNetNuke v7.0.0 to v9.10.2 allows attackers to execute arbitrary code via a crafted SVG file.

Ссылки

https://www.dnnsoftware.com/community/security/security-center
Vendor Advisory
https://www.dnnsoftware.com/community/security/security-center#:~:text=XSS%20in%20Digital%20Asset%20Manager
Vendor Advisory
https://www.dnnsoftware.com/community/security/security-center
Vendor Advisory
https://www.dnnsoftware.com/community/security/security-center#:~:text=XSS%20in%20Digital%20Asset%20Manager
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:dnnsoftware:dotnetnuke:*:*:*:*:*:*:*:*

Версия от 7.0.0 (включая) до 9.10.2 (включая)

EPSS

Процентиль: 72%

0.00701

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-6453-4vff-qg82