{"id":"CVE-2022-37431","details":"A reflected cross-site scripting (XSS) issue was discovered in dotCMS Core through 22.06. It occurs in the admin portal when the configuration has XSS_PROTECTION_ENABLED=false. NOTE: the vendor disputes this because, in current product behavior, XSS_PROTECTION_ENABLED is effectively true in all configurations.","modified":"2026-04-10T04:49:54.320210Z","published":"2022-08-05T06:15:08.723Z","references":[{"type":"ADVISORY","url":"https://fortiguard.fortinet.com/zeroday/FG-VD-22-062"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/dotcms/core","events":[{"introduced":"0"},{"last_affected":"7da8eaae1dfebe8d9d430016813a20ed926f7950"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"22.06"}]}}],"versions":["3.0","3.5","3.5_Preview01","3.5_Preview02","3.6.0","pre3.5buildrevert","v22.06"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-37431.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}