Vulnerability in EPiServer.Forms

Try our conversational search powered by Generative AI!

Jens Nygård
Dec 2, 2010
  3853
(0 votes)

Important information to those running EPiServer CMS 4

It has come to our attention that the e-mail functionality delivered with the sample package for CMS 4 is in fact used in some public web applications. If this sample functionality is used without intended modification, it is possible for spambots to actively utilize the functionality and send unsolicited messages or bulk e-mail spam through the SMTP service.

We strongly advise all concerned parties to undertake necessary actions  to ensure that the situation is remedied.  We recommend that the e-mail template file and all subsequent references are removed from the web application. If the e-mail sample functionality is to be used we strongly recommend that proper relay restrictions are setup and that appropriate logic to prevent spambots from exploiting this functionality is implemented.

If you have any questions or concerns, you are welcome to contact EPiServer Developer Support.

Dec 02, 2010

Comments

Please login to comment.
Latest blogs
A day in the life of an Optimizely Developer - Optimizely CMS 12: The advantages and considerations when exploring an upgrade

GRAHAM CARR - LEAD .NET DEVELOPER, 28 Nov 2023 In 2022, Optimizely released CMS 12 as part of its ongoing evolution of the platform to help provide...

Graham Carr | Nov 28, 2023

A day in the life of an Optimizely Developer - OptiUKNorth Meetup January 2024

It's time for another UK North Optimizely meet up! After the success of the last one, Ibrar Hussain (26) and Paul Gruffydd (Kin + Carta) will be...

Graham Carr | Nov 28, 2023

Publish content to Optimizely CMS using a custom GPT from OpenAI 🤖

Do you find the traditional editor interface complicated and cluttered? Would you like an editorial AI assistant you can chat with? You can!

Tomas Hensrud Gulla | Nov 28, 2023 | Syndicated blog

Optimizely Graph and Next.js: Building Scalable Headless Solutions

Optimizely Graph harnesses the capabilities of GraphQL, an intuitive and efficient query language to, transform content within an Optimizely CMS in...

Szymon Uryga | Nov 27, 2023

Getting Started with Optimizely SaaS Core and Next.js Integration: Testing Content Updates

The blog post discusses the challenges of content updates on a website using Optimizely CMS, Next.js, and the Apollo Client due to Apollo's local...

Francisco Quintanilla | Nov 27, 2023 | Syndicated blog

Performance optimization – the hardcore series – part 4

Let’s take a break from the memory allocation, and do some optimization on another aspect, yet as important (if not even more important) – database...

Quan Mai | Nov 25, 2023 | Syndicated blog