Description
Multiple cross-site scripting (XSS) vulnerabilities in dotCMS before 2.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) _loginUserName parameter to application/login/login.html, (2) my_account_login parameter to c/portal_public/login, or (3) email parameter to forgotPassword.
Remediation
References
Related Vulnerabilities
WordPress Plugin NextMove Lite-Thank You Page for WooCommerce Cross-Site Request Forgery (2.18.1)
WordPress Plugin Easy Banners Cross-Site Scripting (1.4)
WordPress 4.9.x Multiple Vulnerabilities (4.9 - 4.9.12)
WordPress Plugin BuddyPress Cover Arbitrary File Upload (2.1.4.2)
WordPress Plugin Embed Articles Multiple Vulnerabilities (7.0.3)