| Issue: |
|
|---|---|
| Date: |
|
| Severity: | Medium |
| Requires Admin Access: | No |
| Fix Version: | 5.1.0 |
| Credit: | 7Safe |
| Description: |
By publishing custom, problematic vtl code, a user is able to elevate their dotCMS permissions for the duration of their browsing session. User must have publish permissions to publish the custom vtl file. Can track status of the issue here: https://github.com/dotCMS/core/issues/15882 |
| Mitigation: |
None at this time |