This exploit demonstrates an HTML injection vulnerability in dotCMS 5.1.1 by uploading a file with a malicious filename containing an XSS payload. The payload is executed when the file is processed or rendered by the application.
Classification
Working Poc 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target:dotCMS 5.1.1
Auth required
Prerequisites:Valid session cookies (JSESSIONID, access_token, etc.) · Access to the file upload functionality