CVE-2017-6003
dotCMS 3.7.0 has XSS reachable from ext/languagesmanager/editlanguage in portal/layout via the bottom two form fields...
Cross site scripting
XSS was discovered in dotCMS 3.7.0, with an authenticated attack against the /myAccount addressID parameter...
CVE-2017-5876
XSS was discovered in dotCMS 3.7.0, with an unauthenticated attack against the /news-events/events date parameter...
CVE-2017-5877
dotCMS 3.7.0 is affected by a cross-site scripting (XSS) vulnerability that can be triggered by an unauthenticated attacker via the /about-us/locations/index parameter. The issue is documented as CVE-2017-5877. NVD notes CVSS v2 base score 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N) and CVSS v3 base score 6...
CVE-2017-5875
dotCMS 3.7.0 contains a cross-site scripting (XSS) vulnerability exploitable by an authenticated user via the /myAccount addressID parameter. Multiple sources (NVD/CNVD/OSV) confirm XSS with an authenticated impact (C/L/I/L, A none); CVSS3 score 5.4 (MEDIUM) with network attack vector and low pri...
CVE-2017-5877
XSS was discovered in dotCMS 3.7.0, with an unauthenticated attack against the /about-us/locations/index direction parameter...