Skip to content

Fix XSLT Scripting Exploit #261

Closed
Closed
@wezell

Description

@wezell

Using the XSLT tool. it is possible to get shell access on the server running dotCMS. We need to force a user to have scripting turned on and have the correct scripting role in order to use the XSLT tool.

Metadata

Metadata

Labels

No labels
No labels

Type

No type

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions