You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Describe the bug
Hi Team
I found small reflected xss dotcms/dotcms:21.05.1
install: Docker: dotcms/dotcms:21.05.1
To Reproduce
Login Admin panel
vuln link1: 'dotAdmin/#/c/containers'
vuln link2: 'dotAdmin/#/c/links'
insert payload: ">
para: 'SEARCH'
Boom XSS
impact
Commonly include transmitting private data, like cookies or other session information, to the attacker, redirecting the victim to web content controlled by the attacker, or performing other malicious operations on the user’s machine under the guise of the vulnerable site.
Screenshots
xss link1:
xss link2:
Desktop (please complete the following information):
OS: Win 10
Browser Chrome: Version 91.0.4472.77 (Official Build) (64-bit)
The text was updated successfully, but these errors were encountered:
This is a known issue with some of the older admin screens and takes administrative access to exploit. Additionally, dotCMS does not allow http-referers from outside of the known list of sites that it serves, which prevents XSS vulnerabilities like these from being exploitable in the wild.
Describe the bug
Hi Team
I found small reflected xss dotcms/dotcms:21.05.1
install: Docker: dotcms/dotcms:21.05.1
To Reproduce
impact
Commonly include transmitting private data, like cookies or other session information, to the attacker, redirecting the victim to web content controlled by the attacker, or performing other malicious operations on the user’s machine under the guise of the vulnerable site.
Screenshots
xss link1:
xss link2:
Desktop (please complete the following information):
The text was updated successfully, but these errors were encountered: