Description

Cross Site Scripting (XSS) in dotCMS v5.1.5 allows remote attackers to execute arbitrary code by injecting a malicious payload into the "Task Detail" comment window of the "/dotAdmin/#/c/workflow" component.

Remediation

References

CVE-2020-17542

Related Vulnerabilities

WordPress Plugin iThemes Security (formerly Better WP Security) Security Bypass (5.3.0)

WordPress Plugin CM Download Manager Arbitrary File Upload (2.8.5)

MySQL CVE-2019-2534 Vulnerability (CVE-2019-2534)

RubyGems Cryptographic Issues Vulnerability (CVE-2013-4363)

WordPress Plugin Booking Calendar-Clockwork SMS Cross-Site Scripting (1.0.5)

Severity

Medium

Classification

CVE-2020-17542 CWE-707 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities