CVE-2020-37103

Medium CVSS: 5.1

DotNetNuke 9.5 contains a persistent cross-site scripting vulnerability that allows normal users to upload malicious XML files with executable scripts through journal tools. Attackers can upload XML files with XHTML namespace scripts to execute arbitrary JavaScript in users' browsers, potentially bypassing CSRF protections and performing more damaging attacks.

Vendor

Dnnsoftware

Product

Dotnetnuke

CWE

CWE-79

Yayın Tarihi

2026-02-03 18:16:10

Güncelleme

2026-02-09 22:10:18

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-79 Dotnetnuke MEDIUM Dnnsoftware 2026

Referanslar

http://dnnsoftware.com/ https://medium.com/@SajjadPourali/dnn-dotnetnuke-cms-not-as-secure-as-you-think-e8516f789175 https://www.exploit-db.com/exploits/48124 https://www.vulncheck.com/advisories/dotnetnuke-persistent-cross-site-scripting

Benzer Kayıtlar

Critical

CVE-2026-24838

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to v…

High

CVE-2026-24837

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Starting i…

Medium

CVE-2026-24784

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Starting i…

High

CVE-2026-24833

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to v…

High

CVE-2026-24836

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Starting i…

Medium

CVE-2025-62802

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to 1…