dotCMS 3.2.4 Multiple Vulnerabilities

Title: dotCMS 3.2.4 Multiple Vulnerabilities
Advisory ID: ZSL-2015-5290
Type: Local/Remote
Impact: Cross-Site Scripting, Spoofing
Risk: (3/5)
Release Date: 08.12.2015
Summary
DotCMS is the next generation of Content Management System (CMS). Quick to deploy, open source, Java-based, open APIs, extensible and massively scalable, dotCMS can rapidly deliver personalized, engaging multi-channel sites, web apps, campaigns, one-pagers, intranets - all types of content driven experiences - without calling in your developers.
Description
The application suffers from multiple security vulnerabilities including: Open Redirection, multiple Stored and Reflected XSS and Cross-Site Request Forgery (CSRF).
Vendor
dotCMS Software, LLC - http://www.dotcms.com
Affected Version
3.2.4 (Enterprise)
Tested On
Apache-Coyote/1.1
Vendor Status
[19.11.2015] Vulnerabilities discovered.
[23.11.2015] Vendor contacted.
[23.11.2015] Vendor responds asking for more details.
[23.11.2015] Sent details to the vendor.
[23.11.2015] Working with the vendor.
[30.11.2015] Asked vendor for status update.
[30.11.2015] Vendor confirms issues, has created a patch, version 3.3 to be released in two weeks.
[04.12.2015] Vendor releases version 3.3 to address these issues.
[08.12.2015] Coordinated public security advisory released.
PoC
dotcms_mv.txt
Credits
Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>
References
[1] http://dotcms.com/docs/latest/change-log
[2] https://github.com/dotCMS/core/commit/7b86fc850bf547e8c82366240dae27e7e56b4305
[3] https://github.com/dotCMS/core/commit/1fdebbbd76619992356e9443230e35be8a2b60c3
[4] https://www.exploit-db.com/exploits/38906/
[5] https://packetstormsecurity.com/files/134714
[6] https://cxsecurity.com/issue/WLB-2015120088
[7] https://exchange.xforce.ibmcloud.com/vulnerabilities/108710
[8] https://exchange.xforce.ibmcloud.com/vulnerabilities/108711
[9] https://exchange.xforce.ibmcloud.com/vulnerabilities/108712
[10] https://exchange.xforce.ibmcloud.com/vulnerabilities/108713
[11] https://dotcms.com/security/SI-31
Changelog
[08.12.2015] - Initial release
[11.12.2015] - Added references [7], [8], [9] and [10]
[25.05.2016] - Added reference [11]
Contact
Zero Science Lab

Web: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk