Fortinet Discovers dotCMS Multiple Cross-Site Scripting Vulnerability
Fortinet's FortiGuard Labs has discovered a Cross-Site Scripting (XSS) vulnerability in the dotCMS Admin Portal.
dotCMS is an open-source content management system (CMS) written in Java for managing content and content-driven sites and applications.
The vulnerability is caused by insufficient input sanitization in dotCMS Core. Upon successful exploitation, it allows an attacker to execute arbitrary client-side script in the victim's browser, in the context of the vulnerable dotCMS site.
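The root cause named above, insufficient input sanitization, is worth seeing concretely. The following is an added example written for this page; it is not dotCMS code and the advisory publishes no proof-of-concept. It contrasts a hypothetical blocklist "sanitizer" of the kind that leads to this class of bug with contextual output encoding, and runs a few constructed payloads through both. The page template and payload strings are constructed for illustration.

```python
import html
import re

# Constructed test payloads for illustration; none of these come from the advisory.
PAYLOADS = [
    "<script>alert(1)</script>",             # the textbook case a blocklist catches
    "<img src=x onerror=alert(1)>",          # no <script> tag at all
    "\"><svg/onload=alert(1)>",              # breaks out of an attribute value
    "<ScRiPt>alert(1)</ScRiPt>",             # case variation
    "<scr<script>ipt>alert(1)</script>",     # tag re-assembles after one strip pass
]

# Hypothetical "sanitizer": strips <script> tags and nothing else. This is the
# insufficient-sanitization pattern, not anything taken from dotCMS Core.
SCRIPT_TAG = re.compile(r"</?script[^>]*>", re.IGNORECASE)


def naive_sanitize(value):
    return SCRIPT_TAG.sub("", value)


def encode_for_html(value):
    # Contextual output encoding: every character with meaning in HTML text or
    # a double-quoted attribute is entity-encoded, so the browser can only ever
    # treat the value as data. quote=True also encodes " and '.
    return html.escape(value, quote=True)


def render_results_page(query, defense):
    # Hypothetical admin search page that reflects the query twice: once inside
    # an attribute value and once in element text. Both are HTML contexts.
    q = defense(query)
    return (
        '<input name="q" value="%s">' % q
        + "<p>Results for %s</p>" % q
    )


def bypassing_payloads(defense):
    # A payload is counted as getting through if, after the defense is applied,
    # any character that can open a tag or close an attribute survives.
    return [p for p in PAYLOADS if any(c in defense(p) for c in "<>\"'")]


if __name__ == "__main__":
    for name, defense in (("naive_sanitize", naive_sanitize), ("encode_for_html", encode_for_html)):
        survivors = bypassing_payloads(defense)
        print("%-16s lets %d of %d payloads through" % (name, len(survivors), len(PAYLOADS)))
        for p in survivors:
            print("   ", repr(defense(p)))
    print(render_results_page(PAYLOADS[2], encode_for_html))
```

The blocklist stops only the two payloads that literally contain a `<script>` tag; an event handler, an attribute break-out and a nested tag all survive, and the nested one is turned into a working `<script>` tag by the strip pass itself. Entity-encoding at the point of output leaves nothing for the browser to parse as markup, which is why output encoding, not input filtering, is the primary XSS defense.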
Solutions
FortiGuard Labs released the following FortiGate IPS signature, which covers this specific vulnerability:
Released Aug 02, 2022
Users should also enable the XSS Prevention feature in dotCMS.
The vulnerability affected dotCMS Core.
Fortinet reported the vulnerability to dotCMS on June 10, 2022.
dotCMS confirmed the vulnerability on June 25, 2022 and classified it as a will-not-fix issue.