24/7/365 access to a team of world-class, certified ethical hackers to repair and harden your website.

dotCMS v5.1.1 Open Redirect Vulnerability

dotCMS v5.1.1 suffers from an Open Redirect Vulnerability, in addition to many other vulnerabilities that I am still verifying.

The following URL is a proof-of-concept that requires a user to be logged in. Simply login to the demo before visiting the supplied POC.

Logging into the demo requires you to go to https://demo.dotcms.com/dotAdmin and log in with the demo credentials (username: admin@dotcms.com password: admin).

POC link: https://demo.dotcms.com/html/portlet/ext/common/page_preview_popup.jsp?hostname=google.com/test.html