Version allow url like http://dnndev.me:8091/Act...r=%22alert(0x01D39D)
Response is "http://dnndev.me:8091/Act...lert(0x01D39D)" and it is injected on form's post
<form method="post" action="/Activity-Feed/userId/1?%22onmouseover=%22alert(0x01D39D)" id="Form" enctype="multipart/form-data">
9.10.2
Thanks
These Forums are dedicated to the discussion of DNN Platform.
For the benefit of the community and to protect the integrity of the ecosystem, please observe the following posting guidelines:
Awesome! Simply post in the forums using the link below and we'll get you started.