Read full vulnerability report @ https://secureli.com/dotcms-v5-1-1-open-redirect-vulnerability/

dotCMS v5.1.1 suffers from an Open Redirect Vulnerability, in addition to many other vulnerabilities that I am still verifying.

The following URL is a proof-of-concept that requires a user to be logged in. Simply login to the demo before visiting the supplied POC.

Logging into the demo requires you to go to https://demo.dotcms.com/dotAdmin and log in with the demo credentials (username: admin@dotcms.com password: admin).

POC link: https://demo.dotcms.com/html/portlet/ext/common/page_preview_popup.jsp?hostname=google.com/test.html


Read full vulnerability report @ https://secureli.com/dotcms-v5-1-1-html-injection-xss-vulnerability/

dotCMS v5.1.1 suffers from an HTML injection and XSS vulnerability, in addition to many other vulnerabilities that I am still verifying.

There's a screenshot available on my blog link above.

To reproduce this vulnerability, simply go to https://dotcms.com/dotAdmin/ and login with their demo credentials (username: admin@dotcms.com password: admin) and then visit the following URL:

https://demo.dotcms.com/html/portlet/ext/files/edit_text_inc.jsp?referer=%22%3EHTML%20Code%20Injection%20Here%20and%20XSS%20Vulnerability%20%3Cbr%3E%3Cbr%3E

There are more unconfirmed vulnerabilities in dotCMS.