PT-2017-13914 · Dotcms · Dotcms

Brett Dewall

Published

2017-10-10

Updated

2017-10-25

CVE-2017-15219

CVSS v3.1

5.4

Medium

Vector

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions dotCMS version 4.1.1

Description The issue affects the dotCMS application, where a Stored Cross-Site Scripting (XSS) vulnerability is present. This vulnerability impacts the Title field of vanity-urls, the Description field of containers, and the Description field of templates.

Recommendations For dotCMS version 4.1.1, consider restricting access to the vulnerable fields, specifically the Title field of vanity-urls, the Description field of containers, and the Description field of templates, until a patch is available. As a temporary workaround, avoid using these fields to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2017-15219

Affected Products

Dotcms

PT-2017-13914 · Dotcms · Dotcms

CVE-2017-15219

Weakness Enumeration

Related Identifiers

Affected Products

References · 4