dotCMS v5.1.1 suffers from an Open Redirect Vulnerability, in addition to many other vulnerabilities that I am still verifying.
The following URL is a proof-of-concept that requires a user to be logged in. Simply login to the demo before visiting the supplied POC.
Logging into the demo requires you to go to https://demo.dotcms.com/dotAdmin and log in with the demo credentials (username: [email protected] password: admin).
POC link: https://demo.dotcms.com/html/portlet/ext/common/page_preview_popup.jsp?hostname=google.com/test.html