CVE-2020-5186
Description
DNN (formerly DotNetNuke) through 9.4.4 allows XSS (issue 1 of 2).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
DNN (DotNetNuke) through 9.4.4 is vulnerable to cross-site scripting (XSS), issue 1 of 2.
Vulnerability Description
CVE-2020-5186 is a cross-site scripting (XSS) vulnerability in DNN (formerly DotNetNuke) through version 9.4.4. This is the first of two related XSS issues reported. The exact injection point is not detailed in the public advisory, but it allows an attacker to inject malicious scripts into web pages served by the application.
Exploitation
Exploitation typically requires an authenticated user to interact with a crafted link or input that triggers the script injection. The attacker may need to have some level of access to the DNN site, such as a content editor role, to inject the payload. Network access to the application is sufficient; no special privileges beyond authentication are necessary.
Impact
Successful exploitation could allow an attacker to execute arbitrary JavaScript in the context of the victim's session, leading to session hijacking, defacement, or theft of sensitive information. The attack could also be used to perform actions on behalf of the victim.
Mitigation
The vulnerability is addressed in a later release of DNN. Users are advised to update to a version higher than 9.4.4. The official GitHub repository provides the latest releases [2].
AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| DotNetNuke.Core (NuGet) | <= 9.4.4 | — |
Affected products
- DNN/DNN (description)
Patches
No patches discovered yet.
References
- github.com/advisories/GHSA-9phr-h5mx-4fp6 (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2020-5186 (ghsa, ADVISORY)
- medium.com/%40SajjadPourali/dnn-dotnetnuke-cms-not-as-secure-as-you-think-e8516f789175 (mitre, x_refsource_MISC)
- medium.com/@SajjadPourali/dnn-dotnetnuke-cms-not-as-secure-as-you-think-e8516f789175 (ghsa, WEB)
- packetstormsecurity.com/files/156483/DotNetNuke-CMS-9.5.0-Cross-Site-Scripting.html (ghsa, x_refsource_MISC, WEB)