Description

Cross-site scripting (XSS) vulnerability in search-results.dot in dotCMS 1.x allows remote attackers to inject arbitrary web script or HTML via the search_query parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Remediation

References

CVE-2008-2397

Related Vulnerabilities

PHP Integer Overflow or Wraparound Vulnerability (CVE-2017-9120)

WordPress Plugin Blog2Social:Social Media Auto Post & Scheduler Security Bypass (6.9.11)

WordPress 4.0.x Denial of Service Vulnerability (4.0 - 4.0.22)

Jenkins Incorrect Authorization Vulnerability (CVE-2018-1999004)

Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-42112)

Severity

Medium

Classification

CVE-2008-2397 CWE-707

Tags

Missing Update Known Vulnerabilities