CVE-2022-47053 (Medium) detected in DotNetNuke.Modules.DigitalAssets-9.8.0.0.dll

## CVE-2022-47053 - Medium Severity Vulnerability
<details><summary><img src='https://whitesource-resources.whitesourcesoftware.com/vulnerability_details.png' width=19 height=20> Vulnerable Library - DotNetNuke.Modules.DigitalAssets-9.8.0.0.dll</summary>

DotNetNuke.Modules.DigitalAssets
Library home page: <a href="https://api.nuget.org/packages/dotnetnuke.bundle.9.8.0.nupkg">https://api.nuget.org/packages/dotnetnuke.bundle.9.8.0.nupkg</a>
Path to vulnerable library: /References/DNN/09.07.00/DotNetNuke.Modules.DigitalAssets.dll


Dependency Hierarchy:
 - :x: **DotNetNuke.Modules.DigitalAssets-9.8.0.0.dll** (Vulnerable Library)
Found in HEAD commit: <a href="https://github.com/UpendoVentures/Dnn.FipsAesCryptoProvider/commit/d6abd56cf0fd6b2d3d2037d2844bf7d7d130c52c">d6abd56cf0fd6b2d3d2037d2844bf7d7d130c52c</a>
Found in base branch: development

</details>

<details><summary><img src='https://whitesource-resources.whitesourcesoftware.com/medium_vul.png?' width=19 height=20> Vulnerability Details</summary>
 
 
An arbitrary file upload vulnerability in the Digital Assets Manager module of DNN Corp DotNetNuke v7.0.0 to v9.10.2 allows attackers to execute arbitrary code via a crafted SVG file.

Publish Date: 2023-04-12
URL: <a href=https://www.mend.io/vulnerability-database/CVE-2022-47053>CVE-2022-47053</a>

</details>

<details><summary><img src='https://whitesource-resources.whitesourcesoftware.com/cvss3.png' width=19 height=20> CVSS 3 Score Details (5.4)</summary>


Base Score Metrics:
- Exploitability Metrics:
 - Attack Vector: Network
 - Attack Complexity: Low
 - Privileges Required: Low
 - User Interaction: Required
 - Scope: Changed
- Impact Metrics:
 - Confidentiality Impact: Low
 - Integrity Impact: Low
 - Availability Impact: None

For more information on CVSS3 Scores, click <a href="https://www.first.org/cvss/calculator/3.0">here</a>.

</details>

<details><summary><img src='https://whitesource-resources.whitesourcesoftware.com/suggested_fix.png' width=19 height=20> Suggested Fix</summary>


Type: Upgrade version
Origin: <a href="https://www.dnnsoftware.com/community/security/security-center#:~:text=XSS%20in%20Digital%20Asset%20Manager">https://www.dnnsoftware.com/community/security/security-center#:~:text=XSS%20in%20Digital%20Asset%20Manager</a>
Release Date: 2023-04-12
Fix Resolution: DotNetNuke.Bundle - 9.11.0


</details>


***
Step up your Open Source Security Game with Mend [here](https://www.whitesourcesoftware.com/full_solution_bolt_github)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

CVE-2022-47053 (Medium) detected in DotNetNuke.Modules.DigitalAssets-9.8.0.0.dll #23

CVE-2022-47053 - Medium Severity Vulnerability

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Uh oh!

CVE-2022-47053 (Medium) detected in DotNetNuke.Modules.DigitalAssets-9.8.0.0.dll #23

Description

CVE-2022-47053 - Medium Severity Vulnerability

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions