Dot CMS Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2022-37431 - Vulnerability Database

Medium
Reference: CVE-2022-37431
Title: Dot CMS Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Overview:

A reflected cross-site scripting (XSS) issue was discovered in dotCMS Core through 22.06. This occurs in the admin portal when the configuration has XSS_PROTECTION_ENABLED=false. NOTE: the vendor disputes this because the current product behavior, in effect, has XSS_PROTECTION_ENABLED=true in all configurations.