Leedavi

Name of the Vulnerable Software and Affected Versions: DNN versions prior to 9.13.4 Description: The issue allows manipulation of a URL for the ImageHandler to render text from a querystring parameter. This text would be displayed in the resulting image, potentially deceiving users who trust the domain into thinking the information is legitimate. Recommendations: For versions prior to 9.13.4, update to version 9.13.4 to resolve the issue. As a temporary workaround, consider restricting access to the ImageHandler until the update is applied.