• 'Chaining vulnerabilities is the hallmark of a sophisticated atta

    From TechnologyDaily@1337:1/100 to All on Wednesday, April 29, 2026 22:45:26
    'Chaining vulnerabilities is the hallmark of a sophisticated attack': 750,000 websites must be patched as Microsoft's popular open source Dotnetnuke CMS
    hit by an XSS flaw that allows attackers to hijack admin sessions and take over entire web servers

    Date:
    Wed, 29 Apr 2026 21:35:00 +0000

    Description:
    A critical DotNetNuke vulnerability allows attackers to upload malicious SVG files, execute XSS, and gain server control through authenticated user actions.

    FULL STORY ======================================================================
    • Malicious SVG uploads in DotNetNuke execute JavaScript when clicked
    • Attack requires only one admin click to trigger full server compromise
    • XSS flaw allows attackers to act using the victim's authenticated session

    Cybercriminals can now chain exploits together and gain control of web servers by exploiting a critical cross-site scripting (XSS) vulnerability in the DotNetNuke CMS.

    The flaw, tracked as CVE-2026-40321, affects the popular open-source platform, which is built on Microsoft technology and powers over 750,000 websites globally. According to Pentest Tools, a malicious SVG file containing JavaScript code can be uploaded as an image, and clicking on this file executes the embedded payload and writes a backdoor file directly onto the server.

    How attackers bypass the CMS filters to upload malicious files

    By default, DotNetNuke allows users to register accounts and upload SVG files to their own user directories.

    Even if these SVG files contain JavaScript inside an anchor tag, the platform's content filter does not prevent the upload, and a victim clicking on an SVG file that contains even a simple payload is enough to trigger XSS.
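
    A server-side check of the kind the content filter lacks, as an added example that is not code from the article, Pentest Tools or DotNetNuke: it parses an uploaded SVG and reports script-bearing constructs, including JavaScript URLs on anchor tags. The function names, the tag and scheme lists and the sample files are assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET

SCRIPT_SCHEMES = ("javascript:", "vbscript:", "data:text/html")
ACTIVE_TAGS = {"script", "foreignobject", "iframe", "embed", "object"}

def local(name):
    """Strip the '{namespace}' prefix ElementTree puts on tag and attribute names."""
    return name.rsplit("}", 1)[-1].lower()

def svg_findings(data: bytes) -> list[str]:
    """Return the reasons an uploaded SVG should be rejected (empty list = clean)."""
    # Refuse DTDs and entities up front: user-supplied images do not need them
    # and they enable entity-expansion tricks against the parser.
    if re.search(rb"<!(DOCTYPE|ENTITY)", data, re.I):
        return ["DOCTYPE/ENTITY declaration"]
    try:
        root = ET.fromstring(data)
    except ET.ParseError:
        return ["not well-formed XML"]
    if local(root.tag) != "svg":
        return ["root element is not <svg>"]
    findings = []
    for el in root.iter():
        tag = local(el.tag)
        if tag in ACTIVE_TAGS:
            findings.append(f"<{tag}> element")
        for name, value in el.attrib.items():
            attr = local(name)  # covers both href and xlink:href
            # Browsers ignore whitespace and control characters inside the scheme.
            compact = re.sub(r"[\x00-\x20]", "", value).lower()
            if attr.startswith("on"):
                findings.append(f"event handler {attr} on <{tag}>")
            elif attr in ("href", "src") and compact.startswith(SCRIPT_SCHEMES):
                findings.append(f"script URL in {attr} on <{tag}>")
    return findings

# Constructed samples: an anchor carrying a JavaScript URL, and a plain image.
MALICIOUS = b'''<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
  <a xlink:href="javascript:alert(1)"><text y="20">Click me</text></a>
</svg>'''
CLEAN = b'<svg xmlns="http://www.w3.org/2000/svg"><circle r="5"/></svg>'

if __name__ == "__main__":
    print(svg_findings(MALICIOUS))  # one finding: script URL on the anchor
    print(svg_findings(CLEAN))      # no findings
```

    Rejecting on any finding is stricter than sanitising, which suits user uploads; serving uploads with a Content-Disposition: attachment header or from a separate origin also keeps a missed payload out of the admin's session.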

    Since the "Click me" button now generally looks suspicious, some attackers embed a fake login page image into the SVG.

    Once a victim clicks the booby-trapped image, the JavaScript payload executes in the browser using the existing authenticated session.

    The attackers then exploit /API/personaBar/ConfigConsole/UpdateConfigFile, an authenticated endpoint that allows users with sufficient privileges to write files to the server.

    The payload generates a new ASPX web shell, essentially a backdoor that accepts commands via URL parameters.
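
    A log hunt for the sequence described above, as an added example that is not from the article or from DotNetNuke: it scans IIS W3C logs for POSTs to the UpdateConfigFile endpoint and lists .aspx paths first requested shortly afterwards. The field set, the 30-minute window, the Referer heuristic (a request issued by script inside an opened SVG is assumed to carry the SVG's URL as Referer) and the log lines are assumptions; the sample data is constructed.

```python
from datetime import datetime, timedelta

ENDPOINT = "/api/personabar/configconsole/updateconfigfile"  # path named in the article
WINDOW = timedelta(minutes=30)  # assumed correlation window

def parse_w3c(lines):
    """Yield one dict per request, using the log's own #Fields header for column names."""
    fields = []
    for line in lines:
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line.strip() and not line.startswith("#"):
            row = dict(zip(fields, line.split()))
            row["ts"] = datetime.fromisoformat(f"{row['date']} {row['time']}")
            yield row

def hunt(lines):
    """Return one alert per config-file write, with .aspx paths first seen after it."""
    rows = list(parse_w3c(lines))
    alerts = []
    for w in rows:
        if w["cs-method"] != "POST" or w["cs-uri-stem"].lower() != ENDPOINT:
            continue
        seen = {r["cs-uri-stem"].lower() for r in rows if r["ts"] < w["ts"]}
        new_aspx = sorted({
            r["cs-uri-stem"] for r in rows
            if w["ts"] < r["ts"] <= w["ts"] + WINDOW
            and r["cs-uri-stem"].lower().endswith(".aspx")
            and r["cs-uri-stem"].lower() not in seen})
        referer = w.get("cs(Referer)", "-").split("?")[0].lower()
        alerts.append({"time": w["ts"], "user": w["cs-username"], "ip": w["c-ip"],
                       "svg_referer": referer.endswith(".svg"), "new_aspx": new_aspx})
    return alerts

# Constructed log lines; hosts, paths and addresses are placeholders.
SAMPLE_LOG = """
#Fields: date time cs-method cs-uri-stem cs-uri-query cs-username c-ip cs(Referer) sc-status
2026-04-29 10:00:01 GET /Default.aspx - - 203.0.113.5 - 200
2026-04-29 10:02:10 GET /uploads/user42/logo.svg - admin 198.51.100.7 - 200
2026-04-29 10:02:14 POST /API/personaBar/ConfigConsole/UpdateConfigFile - admin 198.51.100.7 https://cms.example/uploads/user42/logo.svg 200
2026-04-29 10:03:40 GET /new-page.aspx q=1 - 203.0.113.5 - 200
2026-04-29 10:05:00 GET /Default.aspx - - 203.0.113.5 - 200
""".strip().splitlines()

if __name__ == "__main__":
    for alert in hunt(SAMPLE_LOG):
        print(alert)
```

    Administrators also call this endpoint for legitimate configuration edits, so each alert is a triage lead to check against change records rather than a verdict.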

    With this, the attacker can run malware, steal data, or disable security tools on the underlying Windows server.

    Why is the vulnerability dangerous?

    This vulnerability is dangerous because the attack chain completely defeats regular security defenses.

    All the attacker needs is to convince a single privileged user to click on a malicious image, which can compromise the entire system: no password is needed, and there is no need to exploit server software.

    Regular antivirus software will be of little or no help here because it may not detect the attack.

    The malicious payload is delivered via a legitimate SVG file and executed with native browser features, so the antivirus tool becomes irrelevant.

    A configured firewall would also not block the outbound connection because
    the attack uses standard HTTP traffic.

    Malware removal tools are ineffective against a backdoor that was never installed through traditional means but was instead written to disk by an authenticated request.

    The vulnerability is serious, but thankfully, the attack only works when several conditions align perfectly.

    The attacker needs a registered account on the target site, the ability to upload SVG files, and a privileged user who clicks on a suspicious
    attachment.

    Administrators, therefore, must be vigilant, check file extensions, and disable unnecessary user uploads for protection.

    Although there is an official patch for the vulnerability, which
    organizations running DotNetNuke should prioritize, administrators should
    also review user registration policies.

    If anonymous file uploads are not necessary, then they should be disabled immediately.



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/chaining-vulnerabilities-is-the-hallmark-of-a-sophisticated-attack-750-000-websites-must-be-patched-as-microsofts-popular-open-source-dotnetnuke-cms-hit-by-an-xss-flaw-that-allows-attackers-to-hijack-admin-sessions-and-take-over-entire-web-servers


    --- Mystic BBS v1.12 A49 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)