CVE-2018-19554

Name of the Vulnerable Software and Affected Versions Dotcms versions prior to 5.0.4

Description An issue was discovered that allows attackers to perform XSS attacks. The attack can be performed via the inode, identifier, or fieldName parameter in the "html/js/dotcms/dijit/image/image tool.jsp" endpoint.

Recommendations For versions prior to 5.0.4, update to version 5.0.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the "html/js/dotcms/dijit/image/image tool.jsp" endpoint and avoid using the inode, identifier, or fieldName parameters until the issue is resolved.