|Requires Admin Access:
|Sergio Galán aka NaxoneZ
In a number of areas in the dotCMS Administrative tool, it is possible for an authenticated user to create stored XSS that executes in the admin user's browser.
In the browser once logged into the admin screen you can use XSS. You of course are already logged in and a trusted user at this point.
5.- XSS (not persistence)
dotCMS 5.2 and above ships with an XSS prevention filter that validates incoming requests to the admin panel. If the incoming request does not include a valid Refer or Origin Header, then the request will be blocked by the filter. In essence, this blocks an attacker's ability to remotely trigger an XSS vulnerability from a domain outside of the administrative panel.
Versions of dotCMS < 5.2 can install the CSRF osgi plugin that does the same work as the XSS prevention filter.
OSGI based CSRF filter for dotCMS < 5.2