Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

DotCMS v5.1.5 stored xss vul. #16890

Closed
graySava opened this issue Jul 19, 2019 · 1 comment
Closed

DotCMS v5.1.5 stored xss vul. #16890

graySava opened this issue Jul 19, 2019 · 1 comment

Comments

@graySava
Copy link

graySava commented Jul 19, 2019

hi,
I've found a xss vul on DotCMS v5.1.5,it allows remote attackers to insert js code
and print cookie.Some screenshots below.
1.url: http://...*:8088/dotAdmin/#/c/workflow
Home->Task->landing page
1
add payload in comments windows ,and submit.
_20190719113233
use burpsuite to intercept this request
_20190719113204
click Home->Task->landing page again you will see the alert
_20190719114646

jdotcms added a commit that referenced this issue Aug 16, 2019
jgambarios added a commit that referenced this issue Aug 19, 2019
jgambarios pushed a commit that referenced this issue Aug 19, 2019
#17021)

* #16890 renaming the content_type_workflow_action_mapping to workflow_action_mappings

* #16890 reformatting the oracle creates table

* #16890 removing for oracle the ; on the sql statements

* #16890 removing for oracle the ; on the sql statements

* #16890
@stale
Copy link

stale bot commented Oct 23, 2019

This issue has been automatically marked as stale because it has not had activity within the past 90 days. It will be closed in 30 days no further activity occurs. Thank you.

@stale stale bot added the wontfix label Oct 23, 2019
@stale stale bot closed this as completed Nov 22, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

1 participant