CVE-2016-3971

Name of the Vulnerable Software and Affected Versions dotCMS versions prior to 3.5.1

Description The issue is related to a cross-site scripting (XSS) vulnerability. It allows remote attackers to inject arbitrary web script or HTML via the query parameter to the "c/portal/layout" endpoint, specifically in the lucene search.jsp file.

Recommendations For versions prior to 3.5.1, update to version 3.5.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the lucene search.jsp file or disabling the query parameter until a patch is applied.