
DNN Forums

Ask questions about your website to get help learning DNN and help resolve issues.

cross site attack



New Member


Posts:3

    The version allows a URL like http://dnndev.me:8091/Activity-Feed/userId/1/%22onmouseover=%22alert(0x01D39D)

    The response is "http://dnndev.me:8091/Activity-Feed/userId/1?%22onmouseover=%22alert(0x01D39D)" and it is injected into the form's post:

    <form method="post" action="/Activity-Feed/userId/1?%22onmouseover=%22alert(0x01D39D)" id="Form" enctype="multipart/form-data">
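
A check a site owner can run on returned markup, added here as an example that is not part of the original posts or of DNN's code: it parses the form tag quoted above and lists any attribute beyond the four in that tag, then repeats the check on a constructed variant written into the attribute raw versus HTML-encoded. `render_form`, `EXPECTED` and the decoded variant are assumptions made for the illustration.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import unquote

# Form tag as quoted in the post above (the only non-constructed input).
REPORTED = ('<form method="post" action="/Activity-Feed/userId/1?%22onmouseover='
            '%22alert(0x01D39D)" id="Form" enctype="multipart/form-data">')
# Assumption: these four attributes are all the page template means to emit.
EXPECTED = {"method", "action", "id", "enctype"}


class FormAttrs(HTMLParser):
    """Records the attributes of the first <form> start tag."""

    def __init__(self):
        super().__init__()
        self.attrs = None

    def handle_starttag(self, tag, attrs):
        if tag == "form" and self.attrs is None:
            self.attrs = dict(attrs)


def form_attrs(html):
    parser = FormAttrs()
    parser.feed(html)
    parser.close()
    return parser.attrs or {}


def unexpected_attrs(html):
    """Attribute names on the form that are outside EXPECTED."""
    return sorted(set(form_attrs(html)) - EXPECTED)


def render_form(action, encode=True):
    """Hypothetical renderer: places `action` in the attribute, HTML-encoded or raw."""
    value = escape(action, quote=True) if encode else action
    return f'<form method="post" action="{value}" id="Form" enctype="multipart/form-data">'


# Constructed variant: the same action with %22 percent-decoded to a literal quote.
DECODED = unquote(form_attrs(REPORTED)["action"])

if __name__ == "__main__":
    print("reported tag:    ", unexpected_attrs(REPORTED))
    print("decoded, raw:    ", unexpected_attrs(render_form(DECODED, encode=False)))
    print("decoded, encoded:", unexpected_attrs(render_form(DECODED)))
```

An empty list means the reflected text stayed inside the action value; a name such as onmouseover in the list means it was parsed as an attribute of its own.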

     



    Veteran Member


    Posts:1191

      Which version of DNN are you using?
      Joe Craig
      DNN MVP
      Patapsco Research Group


      New Member


      Posts:3

        9.10.2

        Thanks



        Veteran Member


        Posts:558

          Please report (suspected) security issues at [email protected]
          Regards,
          Tycho de Waard

          Tjep's digital agency
          We just love DNN
          https://www.tjeps.com

          These Forums are dedicated to discussion of DNN Platform.

          For the benefit of the community and to protect the integrity of the ecosystem, please observe the following posting guidelines:

          1. If you have (suspected) security issues, please do not post them in the forums but send an email to [email protected]
          2. No Advertising. This includes promotion of commercial and non-commercial products or services which are not directly related to DNN.
          3. No vendor trolling / poaching. If someone posts about a vendor issue, allow the vendor or other customers to respond. Any post that looks like trolling / poaching will be removed.
          4. Discussion or promotion of DNN Platform product releases under a different brand name are strictly prohibited.
          5. No Flaming or Trolling.
          6. No Profanity, Racism, or Prejudice.
          7. Site Moderators have the final word on approving / removing a thread or post or comment.
          8. English language posting only, please.
