Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Dot CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-16980)

Description

dotCMS V5.0.1 has XSS in the /html/portlet/ext/contentlet/image_tools/index.jsp fieldName and inode parameters.

Remediation

References

Related Vulnerabilities

WordPress Plugin Paid Membership, Ecommerce, Registration Form, Login Form, User Profile & Restrict Content-ProfilePress Cross-Site Scripting (1.9.18)

WordPress Plugin Check & Log Email Cross-Site Scripting (0.5.1)

Roundcube Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-19206)

Joomla! Core 3.x.x Security Bypass (3.2.0 - 3.9.4)

phpMyFAQ Other Vulnerability (CVE-2004-2257)

Severity

Medium

Classification

CVE-2018-16980 CWE-707 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities