CVE-2022-37431

Name of the Vulnerable Software and Affected Versions dotCMS Core versions through 22.06

Description The issue is related to a Reflected Cross-site scripting (XSS) problem in the admin portal of dotCMS Core. This occurs when the configuration has XSS PROTECTION ENABLED set to false. The vulnerability can be exploited by a remote attacker to perform cross-site scripting attacks.

Recommendations For dotCMS Core versions through 22.06, consider setting XSS PROTECTION ENABLED to true to mitigate the risk of exploitation. As a temporary workaround, restrict access to the admin portal until a patch is available.