• Login
  • Register

DNN Forums

Ask questions about your website to get help learning DNN and help resolve issues.

cross site attack

You are not authorized to post a reply.

New Member

New Member

    Version allow url like http://dnndev.me:8091/Activity-Feed/userId/1/%22onmouseover=%22alert(0x01D39D)

    Response is "http://dnndev.me:8091/Activity-Feed/userId/1?%22onmouseover=%22alert(0x01D39D)" and it is injected on form's post

    <form method="post" action="/Activity-Feed/userId/1?%22onmouseover=%22alert(0x01D39D)" id="Form" enctype="multipart/form-data">


    Veteran Member

    Veteran Member

      Which version of DNN are you using?
      Joe Craig
      DNN MVP
      Patapsco Research Group

      New Member

      New Member



        Veteran Member

        Veteran Member

          Please report (suspected) security issues at [email protected]
          Tjep's digital agencyRegards,
          Tycho de Waard

          Tjep's digital agency
          We just love DNN
          You are not authorized to post a reply.

          These Forums are dedicated to discussion of DNN Platform.

          For the benefit of the community and to protect the integrity of the ecosystem, please observe the following posting guidelines:

          1. If you have (suspected) security issues, please do not post them in the forums but send an email to [email protected]
          2. No Advertising. This includes promotion of commercial and non-commercial products or services which are not directly related to DNN.
          3. No vendor trolling / poaching. If someone posts about a vendor issue, allow the vendor or other customers to respond. Any post that looks like trolling / poaching will be removed.
          4. Discussion or promotion of DNN Platform product releases under a different brand name are strictly prohibited.
          5. No Flaming or Trolling.
          6. No Profanity, Racism, or Prejudice.
          7. Site Moderators have the final word on approving / removing a thread or post or comment.
          8. English language posting only, please.

          Would you like to help us?

          Awesome! Simply post in the forums using the link below and we'll get you started.

          Get Involved