Description
dotCMS before 5.0.2 has open redirects via the html/common/forward_js.jsp FORWARD_URL parameter or the html/portlet/ext/common/page_preview_popup.jsp hostname parameter.
Remediation
References
Related Vulnerabilities
WordPress Plugin Shoppable Images Multiple Vulnerabilities (1.0.0)
WordPress Plugin Storefront Footer Text Cross-Site Scripting (1.0.1)
WordPress Plugin Internal Links Manager Multiple Cross-Site Scripting Vulnerabilities (2.1.0)
MySQL CVE-2019-3009 Vulnerability (CVE-2019-3009)
WordPress Plugin Download Shortcode Arbitrary File Disclosure (0.1)