2 matches found
CVE-2022-35740
dotCMS before 22.06 allows remote attackers to bypass intended access control and obtain sensitive information by using a semicolon in a URL to introduce a matrix parameter. This is also fixed in 5.3.8.12, 21.06.9, and 22.03.2 for LTS users. Some Java application frameworks, including those used ...
CVE-2022-35740
CVE-2022-35740 : dotCMS before 22.06 allows remote attackers to bypass access controls and access restricted resources by placing a semicolon in a URL to introduce a matrix parameter, enabling path-based XSS bypass in some frameworks (e.g., Spring/Tomcat). The issue can chain into XSS; impact pub...