Description /servlets/ajax_file_upload?fieldName=binary3 in dotCMS 5.1.1 allows XSS and HTML Injection. Remediation References CVE-2019-11846 Related Vulnerabilities WordPress Plugin Minimal Coming Soon & Maintenance Mode-Coming Soon Page Cross-Site Request Forgery (2.10) MyBB Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-16781) Joomla Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-0837) Drupal Core 4.7.x Security Bypass (4.7.0 - 4.7.7) WordPress Plugin Form Vibes-Database Manager for Forms SQL Injection (1.4.10) Severity Medium Classification CVE-2019-11846 CWE-707 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Tags Missing Update Known Vulnerabilities