Description
Multiple cross-site scripting (XSS) vulnerabilities in dotCMS before 2.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) _loginUserName parameter to application/login/login.html, (2) my_account_login parameter to c/portal_public/login, or (3) email parameter to forgotPassword.
Remediation
References
Related Vulnerabilities
WordPress Plugin Ultimate Gift Cards For WooCommerce Cross-Site Request Forgery (2.1.1)
phpMyFAQ Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2014-6046)
WordPress Plugin Simple Events Calendar SQL Injection (1.3.5)
WordPress Plugin Better Find and Replace Cross-Site Scripting (1.2.8)
Internet Information Services Other Vulnerability (CVE-2002-0149)