Description

Cross-site scripting (XSS) vulnerability in lucene_search.jsp in dotCMS before 3.5.1 allows remote attackers to inject arbitrary web script or HTML via the query parameter to c/portal/layout.

Remediation

References

CVE-2016-3971

Related Vulnerabilities

PHP NULL Pointer Dereference Vulnerability (CVE-2021-21702)

Joomla Other Vulnerability (CVE-2006-6834)

WordPress Plugin WordPress Backup to Dropbox Cross-Site Scripting (4.0)

WordPress Plugin Hunk External Links Cross-Site Scripting (3.0.5)

WordPress Plugin MyThemeShop Theme/Plugin Updater Cross-Site Scripting (1.2.3)

Severity

Medium

Classification

CVE-2016-3971 CWE-707 CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities