Cross Site Scripting Vulnerability in dotCMS by dotCMS
CVE-2020-17542

5.4MEDIUM

Key Information:

Vendor: Dotcms
Status: Dotcms
Vendor: CVE Published:; 23 April 2021

What is CVE-2020-17542?

A Cross Site Scripting vulnerability exists in dotCMS v5.1.5 that allows attackers to inject malicious code through the 'Task Detail' comment window within the '/dotAdmin/#/c/workflow' section. If exploited, this flaw could enable unauthorized access and execution of arbitrary scripts, potentially compromising the integrity and confidentiality of the affected system.

References

https://github.com/dotCMS/core/issues/16890

x_refsource_MISC

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 23, 2021
Vulnerability Reserved
Aug 13, 2020

JSON

Dotcms

What is CVE-2020-17542?

References

CVSS V3.1

Timeline