An issue was discovered in Dotcms through 5.0.3. Attackers may perform XSS attacks via the inode, identifier, or fieldName parameter in html/js/dotcms/dijit/image/image_tool.jsp.
Max CVSS
5.4
EPSS Score
0.05%
Published
2018-11-26
Updated
2019-03-06
dotCMS V5.0.1 has XSS in the /html/portlet/ext/contentlet/image_tools/index.jsp fieldName and inode parameters.
Max CVSS
6.1
EPSS Score
0.06%
Published
2018-09-12
Updated
2018-11-02
2 vulnerabilities found