{"vars":{{"pagePostType":"post","pagePostType2":"single-post","pageCategory":["advisory","hacked-website-repair","security","vulnerability","webapp","website-malware-removal"],"pagePostAuthor":"Secureli Support"}} }
SECURELI

dotCMS v5.1.1 HTML Injection & XSS Vulnerability

Secureli Support

dotCMS v5.1.1 suffers from an HTML injection and XSS vulnerability, in addition to many other vulnerabilities that I am still verifying.

Here’s a screenshot of HTML injection:

To reproduce this vulnerability, simply go to https://dotcms.com/dotAdmin/ and login with their demo credentials (username: admin@dotcms.com password: admin) and then visit the following URL:

https://demo.dotcms.com/html/portlet/ext/files/edit_text_inc.jsp?referer=%22%3EHTML%20Code%20Injection%20Here%20and%20XSS%20Vulnerability%20%3Cbr%3E%3Cbr%3E

There are more unconfirmed vulnerabilities in dotCMS.

Exit mobile version