<![CDATA[CVE-2026-40321: stored XSS in DNN (DotNetNuke) prior to v10.2.2 chains to full RCE.]]>

<![CDATA[CVE-2026-40321: stored XSS in DNN (DotNetNuke) prior to v10.2.2 chains to full RCE.]]>CVE-2026-40321: stored XSS in DNN (DotNetNuke) prior to v10.2.2 chains to full RCE.

Any authenticated user can upload a crafted SVG with embedded JavaScript. If a power user opens it, the payload calls DNN's own config endpoint to drop an ASPX backdoor in the server root.

One file. One click. Full RCE. CVSS 8.1, patched, fully documented.

Write-up + PoC payloads: https://pentest-tools.com/blog/dotnetnuke-xss-to-rce

More research from our team: https://pentest-tools.com/research

#offensivesecurity #penetrationtesting #infosec

]]>https://board.circlewithadot.net/topic/206219c6-7ad7-41b1-bf17-81b6e7a1d4c8/cve-2026-40321-stored-xss-in-dnn-dotnetnuke-prior-to-v10.2.2-chains-to-full-rce.RSS for NodeMon, 25 May 2026 05:37:25 GMTThu, 30 Apr 2026 12:45:51 GMT60