Multiple cross-site scripting (XSS) vulnerabilities in dotCMS prior to 2.3.2 allow remote malicious users to inject arbitrary web script or HTML via the (1) _loginUserName parameter to application/login/login.html, (2) my_account_login parameter to c/portal_public/login, or (3) email parameter to forgotPassword.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
dotcms dotcms 2.0 |
||
dotcms dotcms 2.1.1 |
||
dotcms dotcms |
||
dotcms dotcms 2.3 |
||
dotcms dotcms 2.2 |
||
dotcms dotcms 2.1 |
||
dotcms dotcms 2.0.1 |
||
dotcms dotcms 1.9.5.1 |
||
dotcms dotcms 2.2.1 |