← back
CVE-2020-37103

DotNetNuke 9.5 - Persistent Cross-Site Scripting

CVSS 5.1 MEDIUMEPSS 0.3%CWE-79
DotNetNuke 9.5 contains a persistent cross-site scripting vulnerability that allows normal users to upload malicious XML files with executable scripts through journal tools. Attackers can upload XML files with XHTML namespace scripts to execute arbitrary JavaScript in users' browsers, potentially bypassing CSRF protections and performing more damaging attacks.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
Affected products
Dnnsoftware · DotNetNuke

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://dnnsoftware.com/https://medium.com/@SajjadPourali/dnn-dotnetnuke-cms-not-as-secure-as-you-think-e8516f789175https://www.exploit-db.com/exploits/48124https://www.vulncheck.com/advisories/dotnetnuke-persistent-cross-site-scripting