dotcms V5.0.1 has XSS in /html/portlet/ext/contentlet/image_tools/index.jsp parameters "fieldName" and "inode"
Steps to Reproduce (for bugs)
Tried to access several URLs under /htm/*
Everything else will enforce user authentication.
Also tried opening an invalid URL under /html/* and then logging myself out. Once the session is closed, the URL automatically becomes restricted again.
As a side note these URLs are case sensitive.
So, for example:
Note that the first URL says Html while the second one says html.