Read full vulnerability report @ https://secureli.com/dotcms-v5-1-1-open-redirect-vulnerability/
dotCMS v5.1.1 suffers from an Open Redirect Vulnerability, in addition to many other vulnerabilities that I am still verifying.
The following URL is a proof-of-concept that requires a user to be logged in. Simply login to the demo before visiting the supplied POC.
Logging into the demo requires you to go to https://demo.dotcms.com/dotAdmin and log in with the demo credentials (username: firstname.lastname@example.org password: admin).
POC link: https://demo.dotcms.com/html/portlet/ext/common/page_preview_popup.jsp?hostname=google.com/test.html
Read full vulnerability report @ https://secureli.com/dotcms-v5-1-1-html-injection-xss-vulnerability/
dotCMS v5.1.1 suffers from an HTML injection and XSS vulnerability, in addition to many other vulnerabilities that I am still verifying.
There's a screenshot available on my blog link above.
To reproduce this vulnerability, simply go to https://dotcms.com/dotAdmin/ and login with their demo credentials (username: email@example.com password: admin) and then visit the following URL:
There are more unconfirmed vulnerabilities in dotCMS.