Dotcms · Dotcms · CVE-2016-3971
**Name of the Vulnerable Software and Affected Versions**
dotCMS versions prior to 3.5.1
**Description**
The issue is related to a cross-site scripting (XSS) vulnerability. It allows remote attackers to inject arbitrary web script or HTML via the `query` parameter to the "c/portal/layout" endpoint, specifically in the lucene search.jsp file.
**Recommendations**
For versions prior to 3.5.1, update to version 3.5.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the lucene search.jsp file or disabling the query parameter until a patch is applied.