Hi All,
I am just new on DNN. We have a company that scans our websites which runs under DNN Community. The company have picked up some security vulnerabilities from some of the pages. On this page "ImageChallenge.captcha.aspx" the company found the following:
Threat A test payload generated a syntax error within the Web application. This often points to a problem with input validation routines or lack of filters on user-supplied content. Impact A malicious user may be able to create a denial of service, serious error, or exploit depending on the error encountered by the Web application. Solution The Web application should restrict user-supplied data to consist of a minimal set of characters necessary for the input field. Additionally, all content received from the client (i.e. Web browser) should be validated to an expected format or checked for malicious content. Detection Information Parameter It. And on the login page it found that the page is submitting the data using http instead of https.