Share
Read full vulnerability report @ https://secureli.com/dotcms-v5-1-1-open-redirect-vulnerability/  
  
dotCMS v5.1.1 suffers from an Open Redirect Vulnerability, in addition to many other vulnerabilities that I am still verifying.  
  
The following URL is a proof-of-concept that requires a user to be logged in. Simply login to the demo before visiting the supplied POC.  
  
Logging into the demo requires you to go to https://demo.dotcms.com/dotAdmin and log in with the demo credentials (username: admin@dotcms.com password: admin).  
  
POC link: https://demo.dotcms.com/html/portlet/ext/common/page_preview_popup.jsp?hostname=google.com/test.html  
  
  
Read full vulnerability report @ https://secureli.com/dotcms-v5-1-1-html-injection-xss-vulnerability/  
  
dotCMS v5.1.1 suffers from an HTML injection and XSS vulnerability, in addition to many other vulnerabilities that I am still verifying.  
  
There's a screenshot available on my blog link above.  
  
To reproduce this vulnerability, simply go to https://dotcms.com/dotAdmin/ and login with their demo credentials (username: admin@dotcms.com password: admin) and then visit the following URL:  
  
https://demo.dotcms.com/html/portlet/ext/files/edit_text_inc.jsp?referer=%22%3EHTML%20Code%20Injection%20Here%20and%20XSS%20Vulnerability%20%3Cbr%3E%3Cbr%3E  
  
There are more unconfirmed vulnerabilities in dotCMS.