Description /servlets/ajax_file_upload?fieldName=binary3 in dotCMS 5.1.1 allows XSS and HTML Injection. Remediation References CVE-2019-11846 Related Vulnerabilities WebLogic CVE-2021-2382 Vulnerability (CVE-2021-2382) WordPress Plugin Zephyr Project Manager Multiple Vulnerabilities (3.2.42) Magento Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2019-8130) WordPress 4.1.x Multiple Vulnerabilities (4.1 - 4.1.14) WordPress Plugin YITH WooCommerce Multi Vendor Cross-Site Scripting (3.8.0) Severity Medium Classification CVE-2019-11846 CWE-707 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Tags Missing Update Known Vulnerabilities