CVE-2008-2397

Name of the Vulnerable Software and Affected Versions: dotCMS versions 1.x

Description: A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML via the search query parameter in the search-results.dot file.

Recommendations: For dotCMS version 1.x, update the search-results.dot file to properly sanitize the search query parameter to prevent XSS attacks. As a temporary workaround, consider restricting access to the search functionality until a patch is available.