## https://sploitus.com/exploit?id=PACKETSTORM:153152
Read full vulnerability report @ https://secureli.com/dotcms-v5-1-1-open-redirect-vulnerability/
dotCMS v5.1.1 suffers from an Open Redirect Vulnerability, in addition to many other vulnerabilities that I am still verifying.
The following URL is a proof-of-concept that requires a user to be logged in. Simply login to the demo before visiting the supplied POC.
Logging into the demo requires you to go to https://demo.dotcms.com/dotAdmin and log in with the demo credentials (username: admin@dotcms.com password: admin).
POC link: https://demo.dotcms.com/html/portlet/ext/common/page_preview_popup.jsp?hostname=google.com/test.html
Read full vulnerability report @ https://secureli.com/dotcms-v5-1-1-html-injection-xss-vulnerability/
dotCMS v5.1.1 suffers from an HTML injection and XSS vulnerability, in addition to many other vulnerabilities that I am still verifying.
There's a screenshot available on my blog link above.
To reproduce this vulnerability, simply go to https://dotcms.com/dotAdmin/ and login with their demo credentials (username: admin@dotcms.com password: admin) and then visit the following URL:
https://demo.dotcms.com/html/portlet/ext/files/edit_text_inc.jsp?referer=%22%3EHTML%20Code%20Injection%20Here%20and%20XSS%20Vulnerability%20%3Cbr%3E%3Cbr%3E
There are more unconfirmed vulnerabilities in dotCMS.