New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
DotCMS v5.1.5 stored xss vul. #16890
Labels
Comments
jdotcms
added a commit
that referenced
this issue
Aug 16, 2019
jdotcms
added a commit
that referenced
this issue
Aug 16, 2019
jdotcms
added a commit
that referenced
this issue
Aug 16, 2019
|
This issue has been automatically marked as stale because it has not had activity within the past 90 days. It will be closed in 30 days no further activity occurs. Thank you. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
hi,




I've found a xss vul on DotCMS v5.1.5,it allows remote attackers to insert js code
and print cookie.Some screenshots below.
1.url: http://...*:8088/dotAdmin/#/c/workflow
Home->Task->landing page
add payload in comments windows ,and submit.
use burpsuite to intercept this request
click Home->Task->landing page again you will see the alert
The text was updated successfully, but these errors were encountered: