PT-2026-5852 · Dnnsoftware+1 · Dotnetnuke+1
Sajjad Pourali · Published 2026-02-03 · Updated 2026-02-03
CVE-2020-37103
CVSS v3.1: 6.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
DotNetNuke version 9.5
Description
A persistent cross-site scripting issue allows normal users to upload malicious XML files containing executable scripts via journal tools. By uploading XML files with XHTML namespace scripts, attackers can execute arbitrary JavaScript in the browsers of other users, which may lead to the bypass of Cross-Site Request Forgery (CSRF) protections—a mechanism used to prevent unauthorized commands from being transmitted from a user the web application trusts.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
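With no fixed version identified, uploaded XML can be screened on the server before it is stored. The Python check below is an added example, not code from DNN or from this advisory; its function and constant names are hypothetical. It reports XHTML-namespace elements and event-handler attributes that a browser would execute when rendering the file, and it assumes an upload size limit is enforced before parsing.

```python
import xml.etree.ElementTree as ET

XHTML_NS = "http://www.w3.org/1999/xhtml"
# XHTML elements that run script or embed active content when a browser renders the file.
ACTIVE_TAGS = {"script", "iframe", "object", "embed"}


def split_qname(qname):
    """Split ElementTree's '{namespace}local' name into (namespace, local)."""
    if qname.startswith("{"):
        ns, _, local = qname[1:].partition("}")
        return ns, local
    return "", qname


def scan_xml_upload(data):
    """Return the reasons to reject an uploaded XML file; an empty list means no finding."""
    # Assumption: the caller has already capped the upload size.
    try:
        root = ET.fromstring(data)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    findings = []
    for elem in root.iter():
        ns, local = split_qname(elem.tag)
        if ns != XHTML_NS:
            continue  # elements outside the XHTML namespace are not rendered as HTML
        if local.lower() in ACTIVE_TAGS:
            findings.append(f"XHTML <{local}> element")
        for attr in elem.attrib:
            attr_ns, attr_local = split_qname(attr)
            if not attr_ns and attr_local.lower().startswith("on"):
                findings.append(f"event handler '{attr_local}' on XHTML <{local}>")
    return findings


# Constructed sample uploads (not taken from the advisory).
BENIGN = b'<?xml version="1.0"?><notes><note id="1">meeting at 10</note></notes>'
PREFIXED = (b'<?xml version="1.0"?><notes xmlns:h="http://www.w3.org/1999/xhtml">'
            b'<h:script>/* script body */</h:script></notes>')
DEFAULT_NS = (b'<?xml version="1.0"?><html xmlns="http://www.w3.org/1999/xhtml">'
              b'<body onload="void 0"/></html>')

if __name__ == "__main__":
    for name, doc in [("benign", BENIGN), ("prefixed", PREFIXED), ("default-ns", DEFAULT_NS)]:
        print(name, scan_xml_upload(doc) or "no finding")
```

Serving user-uploaded XML with `Content-Disposition: attachment` keeps the browser from rendering it at all and complements this check.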
Exploit
XSS
Affected Products
Dotnetnuke
Dnn.Platform