dotCMS v5.1.1 Vulnerabilities

                							

                <!--X-Body-Begin-->
<!--X-User-Header-->
<h2 class="m-list"><a href="/fulldisclosure/">Full Disclosure</a>
mailing list archives</h2>
<!--X-User-Header-End-->
<!--X-TopPNI-->

<!--X-TopPNI-End-->
<!--X-MsgBody-->
<!--X-Subject-Header-Begin-->
<h1 class="m-title">dotCMS v5.1.1 Vulnerabilities</h1>
<hr>
<!--X-Subject-Header-End-->
<!--X-Head-of-Message-->


<em>From</em>: John Martinelli &lt;john () secureli com&gt;


<em>Date</em>: Thu, 9 May 2019 09:06:19 -0400


<!--X-Head-of-Message-End-->
<!--X-Head-Body-Sep-Begin-->
<hr>
<!--X-Head-Body-Sep-End-->
<!--X-Body-of-Message-->
<pre style="margin: 0em;">Hello,

</pre><tt>I identified several vulnerabilities in dotCMS v5.1.1 due to vulnerable 
</tt><tt>open source dependencies.
</tt><pre style="margin: 0em;">
</pre><tt>Full security write up: 
</tt><tt><a rel="nofollow" href="http://secureli.com/dotcms-v5-1-1-vulnerable-open-source-dependencies/">http://secureli.com/dotcms-v5-1-1-vulnerable-open-source-dependencies/</a>
</tt><pre style="margin: 0em;">
The details:

/ROOT/html/js/scriptaculous/prototype.js

↳ prototypejs 1.5.0
</pre><tt>prototypejs 1.5.0 has known vulnerabilities: severity: high; CVE: 
</tt><tt>CVE-2008-7220; <a rel="nofollow" href="http://www.cvedetails.com/cve/CVE-2008-7220/">http://www.cvedetails.com/cve/CVE-2008-7220/</a> 
</tt><tt><a rel="nofollow" href="http://prototypejs.org/2008/01/25/prototype-1-6-0-2-bug-fixes-performance-improvements-and-security/">http://prototypejs.org/2008/01/25/prototype-1-6-0-2-bug-fixes-performance-improvements-and-security/</a>
</tt><pre style="margin: 0em;">
ROOT/assets/3/6/36c22c5d-c813-4869-a4b7-fcc10a74e8b6/fileAsset/jquery.min.js

↳ jquery 1.9.1
</pre><tt>jquery 1.9.1 has known vulnerabilities: severity: medium; issue: 2432, 
</tt><tt>summary: 3rd party CORS request may execute, CVE: CVE-2015-9251; 
</tt><tt><a rel="nofollow" href="https://github.com/jquery/jquery/issues/2432">https://github.com/jquery/jquery/issues/2432</a> 
</tt><tt><a rel="nofollow" href="http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/">http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/</a> 
</tt><tt><a rel="nofollow" href="https://nvd.nist.gov/vuln/detail/CVE-2015-9251">https://nvd.nist.gov/vuln/detail/CVE-2015-9251</a> 
</tt><tt><a rel="nofollow" href="http://research.insecurelabs.org/jquery/test/">http://research.insecurelabs.org/jquery/test/</a> severity: medium; CVE: 
</tt><tt>CVE-2015-9251, issue: 11974, summary: parseHTML() executes scripts in 
</tt><tt>event handlers; <a rel="nofollow" href="https://bugs.jquery.com/ticket/11974">https://bugs.jquery.com/ticket/11974</a> 
</tt><tt><a rel="nofollow" href="https://nvd.nist.gov/vuln/detail/CVE-2015-9251">https://nvd.nist.gov/vuln/detail/CVE-2015-9251</a> 
</tt><tt><a rel="nofollow" href="http://research.insecurelabs.org/jquery/test/">http://research.insecurelabs.org/jquery/test/</a> severity: low; CVE: 
</tt><tt>CVE-2019-11358, summary: jQuery before 3.4.0, as used in Drupal, 
</tt><tt>Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, …) 
</tt><tt>because of Object.prototype pollution; 
</tt><tt><a rel="nofollow" href="https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/">https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/</a> 
</tt><tt><a rel="nofollow" href="https://nvd.nist.gov/vuln/detail/CVE-2019-11358">https://nvd.nist.gov/vuln/detail/CVE-2019-11358</a> 
</tt><tt><a rel="nofollow" href="https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b">https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b</a>
</tt><pre style="margin: 0em;">
ROOT/assets/5/1/515cba4e-ac64-4523-b683-8e38329e7f46/fileAsset/bootstrap.min.js
↳ bootstrap 3.2.0
</pre><tt>bootstrap 3.2.0 has known vulnerabilities: severity: high; issue: 28236, 
</tt><tt>summary: XSS in data-template, data-content and data-title properties of 
</tt><tt>tooltip/popover, CVE: CVE-2019-8331; 
</tt><tt><a rel="nofollow" href="https://github.com/twbs/bootstrap/issues/28236">https://github.com/twbs/bootstrap/issues/28236</a> severity: medium; issue: 
</tt><tt>20184, summary: XSS in data-target property of scrollspy, CVE: 
</tt><tt>CVE-2018-14041; <a rel="nofollow" href="https://github.com/twbs/bootstrap/issues/20184">https://github.com/twbs/bootstrap/issues/20184</a> severity: 
</tt><tt>medium; issue: 20184, summary: XSS in collapse data-parent attribute, 
</tt><tt>CVE: CVE-2018-14040; <a rel="nofollow" href="https://github.com/twbs/bootstrap/issues/20184">https://github.com/twbs/bootstrap/issues/20184</a> 
</tt><tt>severity: medium; issue: 20184, summary: XSS in data-container property 
</tt><tt>of tooltip, CVE: CVE-2018-14042; 
</tt><tt><a rel="nofollow" href="https://github.com/twbs/bootstrap/issues/20184">https://github.com/twbs/bootstrap/issues/20184</a>
</tt><pre style="margin: 0em;">
ROOT/assets/9/9/99c7ffe7-e1c2-407f-85b7-ec483dbcf6f1/fileAsset/jquery.min.js
↳ jquery 3.3.1
</pre><tt>jquery 3.3.1 has known vulnerabilities: severity: low; CVE: 
</tt><tt>CVE-2019-11358, summary: jQuery before 3.4.0, as used in Drupal, 
</tt><tt>Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, …) 
</tt><tt>because of Object.prototype pollution; 
</tt><tt><a rel="nofollow" href="https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/">https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/</a> 
</tt><tt><a rel="nofollow" href="https://nvd.nist.gov/vuln/detail/CVE-2019-11358">https://nvd.nist.gov/vuln/detail/CVE-2019-11358</a> 
</tt><tt><a rel="nofollow" href="https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b">https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b</a>
</tt><pre style="margin: 0em;">
ROOT/assets/f/6/f6fa6b13-3a96-4cbf-9a75-19a40137f05a/fileAsset/jquery.min.js

↳ jquery 1.9.1
</pre><tt>jquery 1.9.1 has known vulnerabilities: severity: medium; issue: 2432, 
</tt><tt>summary: 3rd party CORS request may execute, CVE: CVE-2015-9251; 
</tt><tt><a rel="nofollow" href="https://github.com/jquery/jquery/issues/2432">https://github.com/jquery/jquery/issues/2432</a> 
</tt><tt><a rel="nofollow" href="http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/">http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/</a> 
</tt><tt><a rel="nofollow" href="https://nvd.nist.gov/vuln/detail/CVE-2015-9251">https://nvd.nist.gov/vuln/detail/CVE-2015-9251</a> 
</tt><tt><a rel="nofollow" href="http://research.insecurelabs.org/jquery/test/">http://research.insecurelabs.org/jquery/test/</a> severity: medium; CVE: 
</tt><tt>CVE-2015-9251, issue: 11974, summary: parseHTML() executes scripts in 
</tt><tt>event handlers; <a rel="nofollow" href="https://bugs.jquery.com/ticket/11974">https://bugs.jquery.com/ticket/11974</a> 
</tt><tt><a rel="nofollow" href="https://nvd.nist.gov/vuln/detail/CVE-2015-9251">https://nvd.nist.gov/vuln/detail/CVE-2015-9251</a> 
</tt><tt><a rel="nofollow" href="http://research.insecurelabs.org/jquery/test/">http://research.insecurelabs.org/jquery/test/</a> severity: low; CVE: 
</tt><tt>CVE-2019-11358, summary: jQuery before 3.4.0, as used in Drupal, 
</tt><tt>Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, …) 
</tt><tt>because of Object.prototype pollution; 
</tt><tt><a rel="nofollow" href="https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/">https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/</a> 
</tt><tt><a rel="nofollow" href="https://nvd.nist.gov/vuln/detail/CVE-2019-11358">https://nvd.nist.gov/vuln/detail/CVE-2019-11358</a> 
</tt><tt><a rel="nofollow" href="https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b">https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b</a>
</tt><pre style="margin: 0em;">
ROOT/assets/4/a/4a5a727f-369b-49e0-bff5-42d9efb4ba90/fileAsset/jquery-2.1.1.min.js

↳ jquery 2.1.1.min
</pre><tt>jquery 2.1.1.min has known vulnerabilities: severity: medium; issue: 
</tt><tt>2432, summary: 3rd party CORS request may execute, CVE: CVE-2015-9251; 
</tt><tt><a rel="nofollow" href="https://github.com/jquery/jquery/issues/2432">https://github.com/jquery/jquery/issues/2432</a> 
</tt><tt><a rel="nofollow" href="http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/">http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/</a> 
</tt><tt><a rel="nofollow" href="https://nvd.nist.gov/vuln/detail/CVE-2015-9251">https://nvd.nist.gov/vuln/detail/CVE-2015-9251</a> 
</tt><tt><a rel="nofollow" href="http://research.insecurelabs.org/jquery/test/">http://research.insecurelabs.org/jquery/test/</a> severity: medium; CVE: 
</tt><tt>CVE-2015-9251, issue: 11974, summary: parseHTML() executes scripts in 
</tt><tt>event handlers; <a rel="nofollow" href="https://bugs.jquery.com/ticket/11974">https://bugs.jquery.com/ticket/11974</a> 
</tt><tt><a rel="nofollow" href="https://nvd.nist.gov/vuln/detail/CVE-2015-9251">https://nvd.nist.gov/vuln/detail/CVE-2015-9251</a> 
</tt><tt><a rel="nofollow" href="http://research.insecurelabs.org/jquery/test/">http://research.insecurelabs.org/jquery/test/</a> severity: low; CVE: 
</tt><tt>CVE-2019-11358, summary: jQuery before 3.4.0, as used in Drupal, 
</tt><tt>Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, …) 
</tt><tt>because of Object.prototype pollution; 
</tt><tt><a rel="nofollow" href="https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/">https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/</a> 
</tt><tt><a rel="nofollow" href="https://nvd.nist.gov/vuln/detail/CVE-2019-11358">https://nvd.nist.gov/vuln/detail/CVE-2019-11358</a> 
</tt><tt><a rel="nofollow" href="https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b">https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b</a>
</tt><pre style="margin: 0em;">
ROOT/html/js/dojo/custom-build/dojo/dojo.js

↳ dojo 1.8.6
</pre><tt>dojo 1.8.6 has known vulnerabilities: severity: medium; PR: 307; 
</tt><tt><a rel="nofollow" href="https://github.com/dojo/dojo/pull/307">https://github.com/dojo/dojo/pull/307</a> 
</tt><tt><a rel="nofollow" href="https://dojotoolkit.org/blog/dojo-1-14-released">https://dojotoolkit.org/blog/dojo-1-14-released</a>
</tt><pre style="margin: 0em;">
ROOT/html/js/tinymce/js/tinymce/tinymce.min.js

↳ tinyMCE 4.1.6
</pre><tt>tinyMCE 4.1.6 has known vulnerabilities: severity: medium; summary: xss 
</tt><tt>issues with media plugin not properly filtering out some script 
</tt><tt>attributes.; <a rel="nofollow" href="https://www.tinymce.com/docs/changelog/">https://www.tinymce.com/docs/changelog/</a> severity: medium; 
</tt><tt>summary: FIXED so script elements gets removed by default to prevent 
</tt><tt>possible XSS issues in default config implementations; 
</tt><tt><a rel="nofollow" href="https://www.tinymce.com/docs/changelog/">https://www.tinymce.com/docs/changelog/</a> severity: medium; summary: FIXED 
</tt><tt>so links with xlink:href attributes are filtered correctly to prevent 
</tt><tt>XSS.; <a rel="nofollow" href="https://www.tinymce.com/docs/changelog/">https://www.tinymce.com/docs/changelog/</a>
</tt><pre style="margin: 0em;">
</pre>
<!--X-Body-of-Message-End-->
<!--X-MsgBody-End-->
<!--X-Follow-Ups-->
<hr>
<!--X-Follow-Ups-End-->
<!--X-References-->
<!--X-References-End-->
<!--X-BotPNI-->


<!--X-BotPNI-End-->
<!--X-User-Footer-->
<!--X-User-Footer-End-->