Vulnerability in EPiServer.Forms
Hello,I have migrated a site to EPiServer 7.5 and downloaded recent Nuget packages (CMS 7.16 and Commerce 8.3) last week. The site works well now, but looks like there is a routing issue for some links in the CMS menu. Here are the links for Edit and Admin modes respectively: "/?moduleArea=Cms&action=Index&controller=Home" class="epi-navigation-global_cms_Home " tabindex="-1" aria-pressed="false">Editand"/secret/CMS/Admin/Default.aspx" class="epi-navigation-global_cms_admin " tabindex="-1" aria-pressed="false">Admin ModeThe second one works fine and I am able to get into Admin Mode, but the first link redirects a browser to the start page. I have noticed that if to manually type '/secret/CMS' in the browser address bar I can reach Edit Mode. The another way to get there is via Quick Navigator where the link to CMS looks similar: '/secret/CMS/#context=epi.cms.contentdata:///38'. But Quick Navigator also contains invalid links, for instance, to Dashboard: 'Dashboard'.I went futher trying to understand how CMS initializes the items in the menu and found the CmsMenuProvider class in EPiServer.Cms.Shell.UI (7.16), the place where the CMS menu is populated with items. Looks like different approaches of url creation are used for Edit and Admin menu items, but the same thing is valid for older assemble versions. But I did not face this issue before the migration. Anyway, I believe the link to the Edit mode I can observe after the migration is invalid. Do you have any ideas what can cause such issues?I was not able to reproduce the problem on the Alloy Tech site that was installed via EPiServer 7.5 Deployment Center. Links are in the same format and valid there.
Thanks in advance.
Did you ever figure this out Nikolay? I have the same issue.
Got the same problem here as well :)
The Silverpop plugin-link renders like this:"/episerver/CMS/Admin/?customdefaultpage=/episerver/EPiServer.ConnectForMarketingAutomation/Views/Admin/Settings.aspx" when i guess it should be like this:"/episerver/EPiServer.ConnectForMarketingAutomation/Views/Admin/Settings.aspx".
have you figured out the solution, I too is facing same isssue when i click on Start for dashboard.
Have you found a solution for this? I have the same problem as Patrick.
Check settings for url to edit and admin in site settings. Also check that you have the correct version of ui addon. Compare with alloy site...