Hello,
I'm approaching the forumn after I had contacted the security@dnnsoftware but its been almost a month and we need to do something about this vulnerability. Please have a look at this. We have found one security issue realted to reflected XSS on the below URL https://demo.mysite.com/t...ome/ctl/SendPassword Risk: This module tries to inject new statements into th HTML markup, In an XSS attack, an attacker mayexecute any ariberty JavaScript in the origin of the afftected application. ex: (post javascript text in the email filed) We can insert the below text in the email/username field and it will show the javascript and execute after POST (Send Request Link) alert(1) (removed script tag as not letting me post here)
Hello. I've reached out to some folks. It's not normal to not get a reply from someone using that email alias.
These Forums are dedicated to the discussion of DNN Platform.
For the benefit of the community and to protect the integrity of the ecosystem, please observe the following posting guidelines:
Awesome! Simply post in the forums using the link below and we'll get you started.