Description

XSS was discovered in dotCMS 3.7.0, with an unauthenticated attack against the /about-us/locations/index direction parameter.

Remediation

References

CVE-2017-5877

Related Vulnerabilities

PHP Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2015-8386)

WordPress Plugin Share Posts To Email Cross-Site Scripting (1.0.2)

WordPress Plugin Toolset Types-Custom Post Types, Custom Fields and Taxonomies Cross-Site Scripting (1.8.7.2)

WordPress Plugin WordPress Automatic SQL Injection (3.92.0)

WordPress Plugin Additional Variation Images for WooCommerce Cross-Site Scripting (1.1.28)

Severity

Medium

Classification

CVE-2017-5877 CWE-707 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities