Reflected XSS Vulnerability in referer_js.jsp

Issue: SI-49
Date: Jan 24, 2019, 4:00:00 AM
Severity: Medium
Requires Admin Access: Yes
Fix Version: 5.1.0
Credit: Johannes Moritz - RIPS TECHNOLOGIES GMBH
Description:

A reflected (non-persistent) cross-site scripting (XSS) vulnerability exists in /html/common/referer_common.jsp.

Status can be tracked here: https://github.com/dotCMS/core/issues/15870

Mitigation:

Delete /html/common/referer_common.jsp from the dotCMS deployment.