Version allow url like http://dnndev.me:8091/Activity-Feed/userId/1/%22onmouseover=%22alert(0x01D39D)
Response is "http://dnndev.me:8091/Activity-Feed/userId/1?%22onmouseover=%22alert(0x01D39D)" and it is injected on form's post
<form method="post" action="/Activity-Feed/userId/1?%22onmouseover=%22alert(0x01D39D)" id="Form" enctype="multipart/form-data">
These Forums are dedicated to discussion of DNN Platform.
For the benefit of the community and to protect the integrity of the ecosystem, please observe the following posting guidelines:
Awesome! Simply post in the forums using the link below and we'll get you started.