Description
A Reflected Cross-site scripting (XSS) issue was discovered in dotCMS Core through 22.06. This occurs in the admin portal when the configuration has XSS_PROTECTION_ENABLED=false. NOTE: the vendor disputes this because the current product behavior, in effect, has XSS_PROTECTION_ENABLED=true in all configurations
Remediation
References
Related Vulnerabilities
Roundcube Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2020-12626)
WordPress Plugin File Manager Information Disclosure (6.4)
MySQL CVE-2017-3648 Vulnerability (CVE-2017-3648)
Apache Traffic Server CVE-2024-31309 Vulnerability (CVE-2024-31309)
Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-2356)