CVE-2020-5186
C# vulnerability analysis and mitigation

Overview

DNN (formerly DotNetNuke) through version 9.4.4 was discovered to contain a Cross-Site Scripting (XSS) vulnerability. The vulnerability was discovered and reported in July 2019 and was publicly disclosed on February 23, 2020. The vulnerability affects the XML file upload functionality in the user profile journal tools (DNN Blog).

Technical details

Ordinary users can upload XML files through the journal tools in their profile. The upload handler does not properly restrict XML namespaces; in particular it accepts the 'http://www.w3.org/1999/xhtml' namespace, so XHTML tags inside an uploaded file are rendered and executed. An attacker could therefore upload a crafted XML file that runs arbitrary JavaScript in the browsers of users who view it (DNN Blog).
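As an added example (not DNN's own code, nor the researcher's), the following C# check is the kind of server-side guard a site operator or module author could place in front of an XML upload handler: it refuses any document that declares or uses the XHTML namespace, and prohibits DTDs while parsing. The class and method names are hypothetical, and the two sample documents are constructed for the demonstration.

```csharp
using System;
using System.IO;
using System.Xml;
// Added example, not DNN's own code: reject uploaded XML that brings in the
// XHTML namespace, the namespace whose tags the vulnerable upload rendered as live markup.
public static class XmlUploadValidator
{
    private const string XhtmlNs = "http://www.w3.org/1999/xhtml";
    // Returns null when the upload is acceptable, otherwise the reason for rejection.
    public static string Validate(string xmlText)
    {
        var settings = new XmlReaderSettings
        {
            DtdProcessing = DtdProcessing.Prohibit, // no DTD at all: also shuts out entity expansion
            XmlResolver = null                      // never fetch external resources
        };
        try
        {
            using var reader = XmlReader.Create(new StringReader(xmlText), settings);
            while (reader.Read())
            {
                if (reader.NodeType != XmlNodeType.Element) continue;
                string element = reader.Name; // remember the element before moving onto attributes
                if (reader.NamespaceURI == XhtmlNs)
                    return $"<{element}> is in the XHTML namespace";
                // Also catch xmlns declarations and attributes that drag XHTML in on a plain element.
                while (reader.MoveToNextAttribute())
                {
                    bool isNsDecl = reader.Prefix == "xmlns" || reader.Name == "xmlns";
                    if ((isNsDecl && reader.Value == XhtmlNs) || reader.NamespaceURI == XhtmlNs)
                        return $"<{element}> declares or uses the XHTML namespace via {reader.Name}";
                }
            }
        }
        catch (XmlException e)
        {
            return "not well-formed XML: " + e.Message;
        }
        return null;
    }
    public static void Main()
    {
        // Constructed samples: a harmless data file and one that smuggles in XHTML via a prefix.
        const string benign = "<journal><entry title='hello'/></journal>";
        const string xhtml = "<journal xmlns:h='http://www.w3.org/1999/xhtml'><h:p>hi</h:p></journal>";
        Console.WriteLine(Validate(benign) ?? "accepted");
        Console.WriteLine(Validate(xhtml));
    }
}
```

Rejecting the namespace at upload time is a stopgap; the upload should still be served with a non-rendering content type and a Content-Disposition of attachment so that even accepted files are never interpreted as markup by the browser.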

Impact

The vulnerability cannot be used to steal authentication cookies directly, because they carry the HttpOnly flag, but it can still be chained into other attacks. Script running in a victim's session could be used to bypass CSRF protections, which could lead to more severe outcomes such as uploading backdoor files with the '.aspx' extension through the settings page (DNN Blog).

Mitigation and workarounds

As of the last reported information, this vulnerability remained unpatched even after multiple reports to the DNN Security team. The issue was initially reported on July 18, 2019, with follow-up communications continuing through February 2020, but no fix was implemented (DNN Blog).

Community reactions

The vulnerability disclosure highlighted concerns about DNN's security response process. Despite DNN's claims of passing stringent vulnerability tests from Government Agencies and Financial Institutions, the security researcher found multiple vulnerabilities during a quick analysis, and the response to these findings was notably slow (DNN Blog).


Related C# vulnerabilities:

CVE ID           Severity  Score  Technologies  Component name                           CISA KEV exploit  Has fix  Published date
CVE-2025-55315   CRITICAL  9.9    C#            dotnet-apphost-pack-8.0                  No                Yes      Oct 14, 2025
CVE-2025-11573   HIGH      8.7    C#            Amazon.IonDotnet                         No                Yes      Oct 09, 2025
CVE-2025-55247   HIGH      7.3    C#            dotnet-sdk-8.0                           No                Yes      Oct 14, 2025
CVE-2025-55248   MEDIUM    4.8    C#            Microsoft.NetCore.App.Runtime.win-arm64  No                Yes      Oct 14, 2025
CVE-2025-54539   CRITICAL  N/A    C#            Apache.NMS.ActiveMQ                      No                Yes      Oct 15, 2025
