Description
Cross Site Scripting (XSS) in dotCMS v5.1.5 allows remote attackers to execute arbitrary code by injecting a malicious payload into the "Task Detail" comment window of the "/dotAdmin/#/c/workflow" component.
Remediation
References
Related Vulnerabilities
WordPress Plugin iThemes Security (formerly Better WP Security) Security Bypass (5.3.0)
WordPress Plugin CM Download Manager Arbitrary File Upload (2.8.5)
MySQL CVE-2019-2534 Vulnerability (CVE-2019-2534)
RubyGems Cryptographic Issues Vulnerability (CVE-2013-4363)
WordPress Plugin Booking Calendar-Clockwork SMS Cross-Site Scripting (1.0.5)