2 matches found
CVE-2023-3042 CNA SHORTNAME: dotCMSORG UUID: 5b9d93f2-25c7-46b4-ab60-d201718c9dd8
In dotCMS, versions mentioned, a flaw in the NormalizationFilter does not strip double slashes // from URLs, potentially enabling bypasses for XSS and access controls. An example affected URL is https://demo.dotcms.com//html/portlet/ext/files/edittextinc.jsp , which should return a 404 response b...
CVE-2023-3042
In dotCMS, a flaw in the NormalizationFilter permits double slashes (//) in URLs to bypass certain checks. This affects versions prior to 23.06 (and affected LTS lines 22.03.7 and 23.01.4+). The root cause is an oversight in the default invalid URL character list. Mitigations documented in the co...