来自MSN

From XSS to RCE: How to hijack a DotNetNuke server via a single script injection

Malicious SVG uploads in DotNetNuke execute JavaScript when clicked Attack requires only one admin click to trigger full server compromise XSS flaw allows attackers to act using the victim’s ...