
Issues » XSS on "page not found .jsp"

Issue: SI-27
Date: Sep 23, 2014 12:00:00 PM
Severity: Low
Requires Admin Access: No
Fix Version: 3.0
Credit: Elar Lang / elar -at - clarifiedsecurity.com
Description:

The GET parameter "url" is written back to the output without proper escaping.

Workaround:

Properly escape the url and hostId parameters.

Issues

https://github.com/dotCMS/core/issues/6353
