5 matches found
CVE-2022-37431
A Reflected Cross-site scripting XSS issue was discovered in dotCMS Core through 22.06. This occurs in the admin portal when the configuration has XSSPROTECTIONENABLED=false. NOTE: the vendor disputes this because the current product behavior, in effect, has XSSPROTECTIONENABLED=true in all...
CVE-2022-37431
A Reflected Cross-site scripting XSS issue was discovered in dotCMS Core through 22.06. This occurs in the admin portal when the configuration has XSSPROTECTIONENABLED=false. NOTE: the vendor disputes this because the current product behavior, in effect, has XSSPROTECTIONENABLED=true in all...
CVE-2022-37431
A Reflected Cross-site scripting XSS issue was discovered in dotCMS Core through 22.06. This occurs in the admin portal when the configuration has XSSPROTECTIONENABLED=false. NOTE: the vendor disputes this because the current product behavior, in effect, has XSSPROTECTIONENABLED=true in all...
CVE-2022-37431
A Reflected Cross-site scripting XSS issue was discovered in dotCMS Core through 22.06. This occurs in the admin portal when the configuration has XSSPROTECTIONENABLED=false. NOTE: the vendor disputes this because the current product behavior, in effect, has XSSPROTECTIONENABLED=true in all...
CVE-2022-37431
CVE-2022-37431 affects dotCMS Core (through 22.06). The issue is a reflected cross-site scripting (XSS) in the admin portal when XSS_PROTECTION_ENABLED is false; vendor notes suggest the product already behaves with XSS_PROTECTION_ENABLED=true in all configurations. Impact is reflected XSS in adm...