An issue was discovered in Dotcms through 5.0.3. Attackers may perform XSS attacks via the inode, identifier, or fieldName parameter in html/js/dotcms/dijit/image/image_tool.jsp.
CVSS Score
5.4
EPSS Score
0.002
Published
2018-11-26
dotCMS V5.0.1 has XSS in the /html/portlet/ext/contentlet/image_tools/index.jsp fieldName and inode parameters.
CVSS Score
6.1
EPSS Score
0.003
Published
2018-09-12
Page 2