Description
Multiple cross-site scripting (XSS) vulnerabilities in dotCMS before 2.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) _loginUserName parameter to application/login/login.html, (2) my_account_login parameter to c/portal_public/login, or (3) email parameter to forgotPassword.
Remediation
References
Related Vulnerabilities
Apache Tomcat CVE-2012-5568 Vulnerability (CVE-2012-5568)
SharePoint CVE-2023-28288 Vulnerability (CVE-2023-28288)
WordPress Plugin Social Sticky Animated Backdoor (1.0)
PHPFusion Multiple SQL Injection Vulnerabilities (CVE-2014-8596)
Liferay Portal Insufficient Session Expiration Vulnerability (CVE-2021-33322)