Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Dot CMS Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2023-3042 - Vulnerability Database
Dot CMS

Dot CMS Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2023-3042

Medium
Reference: CVE-2023-3042
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2023-3042
Title: Dot CMS Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Overview:

In dotCMS versions mentioned a flaw in the NormalizationFilter does not strip double slashes (//) from URLs potentially enabling bypasses for XSS and access controls. An example affected URL is https://demo.dotcms.com//html/portlet/ext/files/edit_text_inc.jsp https://demo.dotcms.com//html/portlet/ext/files/edit_text_inc.jsp which should return a 404 response but didn39t. The oversight in the default invalid URL character list can be viewed at the provided GitHub link https://github.com/dotCMS/core/blob/master/dotCMS/src/main/java/com/dotcms/filters/NormalizationFilter.javaL37 . To mitigate users can block URLs with double slashes at firewalls or utilize dotCMS config variables. Specifically they can use the DOT_URI_NORMALIZATION_FORBIDDEN_STRINGS environmental variable to add // to the list of invalid strings. Additionally the DOT_URI_NORMALIZATION_FORBIDDEN_REGEX variable offers more detailed control for instance to block //html. URLs. Fix Version:23.06 LTS 22.03.7 LTS 23.01.4