Description

/servlets/ajax_file_upload?fieldName=binary3 in dotCMS 5.1.1 allows XSS and HTML Injection.

Remediation

References

CVE-2019-11846

Related Vulnerabilities

Internet Information Services Other Vulnerability (CVE-2001-0545)

WordPress Plugin WP Simple Login Registration Cross-Site Scripting (1.0.2)

WordPress Plugin MobileView by ColorLabs & Company Cross-Site Scripting (1.0.7)

MySQL CVE-2018-2759 Vulnerability (CVE-2018-2759)

WordPress Plugin Discount Rules for WooCommerce Security Bypass (2.2.0)

Severity

Medium

Classification

CVE-2019-11846 CWE-707 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities