Design/Logic Flaw

dotCMS 3.7.0 has XSS reachable from ext/languagesmanager/editlanguage in portal/layout via the bottom two form fields...

CVE-2017-6003

dotCMS 3.7.0 has XSS reachable from ext/languagesmanager/editlanguage in portal/layout via the bottom two form fields...

CVE-2016-3971

Cross-site scripting XSS vulnerability in lucenesearch.jsp in dotCMS before 3.5.1 allows remote attackers to inject arbitrary web script or HTML via the query parameter to c/portal/layout...