CVE-2020-37103

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2020-37103
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-37103.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-37103
Published
2026-02-03T18:16:10.470Z
Modified
2026-03-15T22:36:24.775545Z
Severity
  • 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

DotNetNuke 9.5 contains a persistent cross-site scripting vulnerability that allows normal users to upload malicious XML files with executable scripts through journal tools. Attackers can upload XML files with XHTML namespace scripts to execute arbitrary JavaScript in users' browsers, potentially bypassing CSRF protections and performing more damaging attacks.

References

Affected packages

Git / github.com/dnnsoftware/dnn.platform

Affected ranges

Type
GIT
Repo
https://github.com/dnnsoftware/dnn.platform
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
a9dc20241848536a3412b1aed889e1d39848abd9
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.5.0"
        }
    ]
}

Affected versions

v7.*
v7.2.1.367-stable
v7.3.2.109-stable
v9.*
v9.1.0
v9.2.0
v9.2.1
v9.2.1-rc0
v9.2.1-rc1
v9.2.2
v9.2.2-rc0
v9.2.2-rc1
v9.2.2-rc2
v9.2.2-rc3
v9.3.0
v9.3.0-rc0
v9.3.0-rc1
v9.3.0-rc2
v9.3.1
v9.3.1-rc0
v9.3.2
v9.3.2-rc0
v9.4.0
v9.4.0-rc0
v9.4.0-rc1
v9.4.1
v9.4.1-rc1
v9.4.2
v9.4.2-rc1
v9.4.3
v9.4.3-rc1
v9.4.4
v9.4.4-rc1
v9.5.0
v9.5.0-rc1
v9.5.0-rc2

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-37103.json"