Hello,
The security audit returned by our scanning software (Acunetix) recently reported this error related to DMX version 6.1.15:
URL encoded POST input Cart_dnn_ctr574_Dispatch_ajaxtwopanel_CommandCallBack_Callback_Param was set to Phrase'"()&%<ScRiPt >ODol(9792)</ScRiPt>

Details (sensitive information replaced with "withheld"):

POST /Default.aspx?TabID=151 HTTP/1.1
Content-Length: 1640
Content-Type: application/x-www-form-urlencoded
Referer: https://withheld/
Cookie: .ASPXANONYMOUS=withheld language=en-US; __RequestVerificationToken=withheld ASP.NET_SessionId=withheld USERNAME_CHANGED=
Host: withheld
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0; Acunetix) like Gecko
Acunetix-Product: WVS/11.0 (Acunetix - WVSE)
Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED
Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm
Accept: */*

Cart_dnn_ctr574_Dispatch_ajaxtwopanel_CommandCallBack_Callback_Param=Phrase'"()%26%25<acx><ScRiPt%20>ODol(9792)</ScRiPt>&Cart_dnn_ctr574_Dispatch_ajaxtwopanel_CommandCallBack_Callback_Param=e&Cart_dnn_ctr574_Dispatch_ajaxtwopanel_CommandCallBack_Callback_Param=Att_SyncFolder&Cart_dnn_ctr574_Dispatch_ajaxtwopanel_CommandCallBack_Callback_Param=e&Cart_dnn_ctr574_Dispatch_ajaxtwopanel_CommandCallBack_Callback_Param=true&Cart_dnn_ctr574_Dispatch_ajaxtwopanel_CommandCallBack_Callback_Param=all&Cart_dnn_ctr574_Dispatch_ajaxtwopanel_CommandCallBack_Callback_Param=-2&Cart_dnn_ctr574_Dispatch_ajaxtwopanel_CommandCallBack_Callback_Param=false&Cart_dnn_ctr574_Dispatch_ajaxtwopanel_CommandCallBack_Callback_Param=true&Cart_dnn_ctr574_Dispatch_ajaxtwopanel_CommandCallBack_Callback_Param=AND&Cart_dnn_ctr574_Dispatch_ajaxtwopanel_CommandCallBack_Callback_Param=Phrase&Cart_dnn_ctr574_Dispatch_ajaxtwopanel_CommandCallBack_Callback_Param=e&Cart_dnn_ctr574_Dispatch_ajaxtwopanel_CommandCallBack_Callback_Param=true&Cart_dnn_ctr574_Dispatch_ajaxtwopanel_CommandCallBack_Callback_Param=Phrase&Cart_dnn_ctr574_Dispatch_ajaxtwopanel_CommandCallBack_Callback_Param=RegularSearch&Cart_dnn_ctr574_Dispatch_ajaxtwopanel_CommandCallBack_Callback_Param=Att_SyncFolder&Cart_dnn_ctr574_Dispatch_ajaxtwopanel_CommandCallBack_Callback_Param=true&Cart_dnn_ctr574_Dispatch_ajaxtwopanel_CommandCallBack_Callback_Param=Att_SyncFolder&Cart_dnn_ctr574_Dispatch_ajaxtwopanel_CommandCallBack_Callback_Param=e&Cart_dnn_ctr574_Dispatch_ajaxtwopanel_CommandCallBack_Callback_Param=Att_SyncFolder&Cart_dnn_ctr574_Dispatch_ajaxtwopanel_CommandCallBack_Callback_Param=Phrase

When we tested this finding in a test POST, this is what was returned:

<CallbackContent><![CDATA[<script type="text/javascript">cbresult = {"result": {"isinerror": "false", "showpopup": "false", "message": "", "content": "", "command": "Phrase'"()&%<acx><ScRiPt >ODol(9792)</ScRiPt>", "argslist": "e"}};</script>]]></CallbackContent>

Content like this should be escaped.

If this has been fixed in version .16 or .17, please disregard, as we are upgrading to .17.

DNN Version: 9.1.0

Thanks
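
The escaping the post asks for, sketched as an added example that is not part of the original post and is not DMX or DNN code. It is written in JavaScript because the reflected value lands inside a JavaScript object literal; the function names are hypothetical and the sample input is the scanner marker quoted in the post.

```javascript
// Added example: hypothetical helper names; not DMX or DNN code.
// Constructed sample input: the scanner marker string quoted in the post.
const marker = 'Phrase\'"()&%<acx><ScRiPt >ODol(9792)</ScRiPt>';

// Behaviour matching the returned response: the value is pasted between
// quotes with no encoding, so the quote and the tags reach the page intact.
function buildCallbackUnsafe(command, argslist) {
  return '<script type="text/javascript">cbresult = {"result": {' +
    '"command": "' + command + '", "argslist": "' + argslist + '"}};</script>';
}

// JSON.stringify escapes quotes and backslashes, but leaves <, >, & and the
// line separators U+2028/U+2029 alone. Inside a <script> block wrapped in
// CDATA those still matter ("</script>", "<!--", "]]>"), so emit them as
// \uXXXX escapes, which a JavaScript parser decodes back to the same text.
function jsonForScript(value) {
  return JSON.stringify(value).replace(/[<>&\u2028\u2029]/g, (ch) =>
    '\\u' + ch.charCodeAt(0).toString(16).padStart(4, '0'));
}

function buildCallbackSafe(command, argslist) {
  const payload = jsonForScript({ result: { command, argslist } });
  return '<script type="text/javascript">cbresult = ' + payload + ';</script>';
}

// Pull the object literal back out of a response so it can be checked.
function extractPayload(html) {
  const start = html.indexOf('cbresult = ') + 'cbresult = '.length;
  return html.slice(start, html.lastIndexOf(';</script>'));
}

const unsafe = buildCallbackUnsafe(marker, 'e');
const safe = buildCallbackSafe(marker, 'e');
console.log(unsafe);
console.log(safe);
// The escaped form still decodes to exactly what the client sent.
console.log(JSON.parse(extractPayload(safe)).result.command === marker);
```

The same rule applies whatever language produces the response: serialize the value with a JSON encoder and additionally escape the characters that are significant to the enclosing HTML or CDATA context.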