Reflected XSS Vulnerability in referer_js.jsp

Issue: SI-49
Date: Jan 24, 2019 9:00:00 AM
Severity: Moderate
Requires Admin Access: Yes
Fix Version: TBD
Credit: Johannes Moritz - RIPS TECHNOLOGIES GMBH
Description:

A reflected (non-persistent) cross-site scripting (XSS) vulnerability exists in /html/common/referer_common.jsp.

Status can be tracked here: https://github.com/dotCMS/core/issues/15870

Workaround:

Delete /html/common/referer_common.jsp from the dotCMS deployment.