A customer of ours uses Umbraco forms, version 8.13.9.
There is a form that uses (used) the 'Send email' (without template) workflow, and something strange happens here.
First of all, there is an option to do an HTML injection on normal forms, which is logical, because it literally takes over the entered value. (Although I do believe that this should have been stripped as well)
In addition, we received the notification that sometimes, CC messages are being sent (although this has not been set) to random e-mail addresses (who have previously completed a form on the website). These e-mail addresses suddenly appear in the CC field (in the mail headers), and this sensitive data ends up with random people.
Have you received previous reports about this / do you have a solution for this? Or is there a clarification for that?
Random CC mailing (Bug?)
Hi all,
A customer of ours uses Umbraco forms, version 8.13.9.
There is a form that uses (used) the 'Send email' (without template) workflow, and something strange happens here.
First of all, there is an option to do an HTML injection on normal forms, which is logical, because it literally takes over the entered value. (Although I do believe that this should have been stripped as well)
In addition, we received the notification that sometimes, CC messages are being sent (although this has not been set) to random e-mail addresses (who have previously completed a form on the website). These e-mail addresses suddenly appear in the CC field (in the mail headers), and this sensitive data ends up with random people.
Have you received previous reports about this / do you have a solution for this? Or is there a clarification for that?
I'd love to hear it, thanks in advance!
is working on a reply...