CVE-2018-17422

Name of the Vulnerable Software and Affected Versions dotCMS versions prior to 5.0.2

Description The issue concerns open redirects. Specifically, it affects the FORWARD URL parameter in the html/common/forward js.jsp endpoint and the hostname parameter in the html/portlet/ext/common/page preview popup.jsp endpoint.

Recommendations For versions prior to 5.0.2, update to version 5.0.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable endpoints, specifically the html/common/forward js.jsp and html/portlet/ext/common/page preview popup.jsp pages, to minimize the risk of exploitation. Avoid using the FORWARD URL and hostname parameters in the affected endpoints until the issue is resolved.