24/7/365 access to a team of world-class, certified ethical hackers to repair and harden your website.

dotCMS v5.1.1 HTML Injection & XSS Vulnerability

dotCMS v5.1.1 suffers from an HTML injection and XSS vulnerability, in addition to many other vulnerabilities that I am still verifying.

Here’s a screenshot of HTML injection:

To reproduce this vulnerability, simply go to https://dotcms.com/dotAdmin/ and login with their demo credentials (username: [email protected] password: admin) and then visit the following URL:


There are more unconfirmed vulnerabilities in dotCMS.