3 matches found
dotCMS search-results.dot search_query Parameter XSS
The remote host is using dotCMS, an open source J2EE / Java web content management system. The version of dotCMS installed on the remote host fails to sanitize input to the 'search_query' parameter of the 'search-results.dot' script before using it to generate dynamic HTML output. An attacker may ...
CVE-2008-2397
Cross-site scripting (XSS) vulnerability in search-results.dot in dotCMS 1.x allows remote attackers to inject arbitrary web script or HTML via the search_query parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2008-2397
CVE-2008-2397 is an XSS vulnerability in dotCMS 1.x, affecting the search-results.dot component via the search_query parameter. The underlying issue is a failure to sanitize this input, enabling remote attackers to inject arbitrary HTML/JavaScript into a user’s browser. Connected sources (Nessu...