CVE-2017-15219

Name of the Vulnerable Software and Affected Versions dotCMS version 4.1.1

Description The issue affects the dotCMS application, where a Stored Cross-Site Scripting (XSS) vulnerability is present. This vulnerability impacts the Title field of vanity-urls, the Description field of containers, and the Description field of templates.

Recommendations For dotCMS version 4.1.1, consider restricting access to the vulnerable fields, specifically the Title field of vanity-urls, the Description field of containers, and the Description field of templates, until a patch is available. As a temporary workaround, avoid using these fields to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.