|Requires Admin Access:||Yes|
|Credit:||Internal Security Team /|
Once a user is authenticated in the dotCMS admin console, they are treated as a trusted user. If that level of trust is not appropriate in your environment, we recommend limiting administrative access to an IP range.
Additionally, as of 5.x, dotCMS's built-in XSSPreventionFilter prevents most XSS-type attacks.