SB2017020612 - Multiple vulnerabilities in dotCMS

Description

This security bulletin contains information about 4 vulnerabilities.

1) Cross-site scripting (CVE-ID: CVE-2017-6003)

The vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data when processing the bottom two form fields. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

2) Cross-site scripting (CVE-ID: CVE-2017-5875)

The vulnerability allows a remote authenticated user to read and manipulate data.

XSS was discovered in dotCMS 3.7.0, with an authenticated attack against the /myAccount addressID parameter.

3) Cross-site scripting (CVE-ID: CVE-2017-5876)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

XSS was discovered in dotCMS 3.7.0, with an unauthenticated attack against the /news-events/events date parameter.

4) Cross-site scripting (CVE-ID: CVE-2017-5877)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

XSS was discovered in dotCMS 3.7.0, with an unauthenticated attack against the /about-us/locations/index direction parameter.

Remediation

Install update from vendor's website.

References

• http://www.securityfocus.com/bid/97089
• http://www.yiwang6.cn/dotcms.docx
• http://www.securityfocus.com/bid/96115
• https://github.com/dotCMS/core/issues/10643