I recently I noticed some emails in the Users table that were attempted XSS attacks and would not have passed validation normally. Upon further investigation I found these users all had an irregular value in the 'CreatedByUserId' field in the Users table - that is normally users have a -1 value but in this case they all had the value of another userid (the UserId of the first user account to try the xss attack). So somehow this user is at the very least creating accounts? I checked the normal stuff like roles etc. and this user does not have any special roles nor page permissions. I logged in as this user and could not hit any pages I shouldn't be able to. Any ideas what's happening?
DNN version: 06.01.03 Professional