DNN.Wiki icon indicating copy to clipboard operation
DNN.Wiki copied to clipboard
verified publisher icon DNNCommunity

PCI Compliance Issues

Open bradhurley opened this issue 10 years ago • 1 comments

A PCI scan of my website identified injection attack issues with the Wiki module.

I did some testing and was able to execute some javascript code on a Wiki page in one of two ways:

  1. By putting the script in the query string (i.e., wiki?topic=

  2. By putting the script in a Wiki comment

Are there any plans to resolve these issues?

bradhurley avatar Aug 01 '15 19:08 bradhurley

(Irony) This wiki happened to strip out the script tag that I tried to include in my example above.

bradhurley avatar Aug 01 '15 19:08 bradhurley