
Cloud Vulnerability DB
A community-led vulnerabilities database
A reflected cross-site scripting (XSS) vulnerability was discovered in the dotCMS Core admin portal. The vulnerability is disputed, because dotCMS ships with an XSSFilter mechanism that prevents its exploitation. That filter can be turned off with the option XSS_PROTECTION_ENABLED=false, but since it is enabled by default, the vendor has classified this XSS as a no-fix issue (Fortinet Blog).
Multiple endpoints in the admin portal were found to be vulnerable to cross-site scripting (XSS). The XSSFilter is an input sanitizer designed by the vendor to reduce XSS and cross-site request forgery (CSRF) exposure in the administrator portal. Under the hood, dotCMS blocks direct access to all files under the administrative directories (e.g. /html and /dotAdmin), but grants access to those directories when an HTTP request carries a valid Referer or Origin header (Fortinet Blog).
Because the XSSFilter is enabled by default and blocks exploitation, the potential impact of this vulnerability is limited. If the XSSFilter protection is disabled, an attacker could execute malicious scripts in the context of the admin portal (Fortinet Blog).
No specific mitigation is required, because the XSSFilter mechanism is enabled by default in dotCMS. The vendor recommends keeping the default XSS protection enabled; do not set XSS_PROTECTION_ENABLED=false unless absolutely necessary (Fortinet Blog).
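As an added illustration (not code from the advisory or from dotCMS itself), the following Python models the XSSFilter gate described above and audits a properties fragment for the weak setting. The same-host reading of a "valid" Referer/Origin, the Java-style properties format and the two-entry admin-prefix list are assumptions made here for the example.

```python
"""Model of the dotCMS XSSFilter gate and a config audit for XSS_PROTECTION_ENABLED.
Assumed logic for illustration only; it is not the dotCMS implementation."""
from urllib.parse import urlparse

# Administrative directories named in the advisory (assumed to be the full list here).
ADMIN_PREFIXES = ("/html", "/dotAdmin")


def parse_properties(text):
    """Parse a Java-style .properties string into a dict; comments and blanks are skipped."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "!")):
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props


def xss_protection_enabled(props):
    """The filter is on by default; only an explicit 'false' turns it off."""
    return props.get("XSS_PROTECTION_ENABLED", "true").lower() != "false"


def admin_request_allowed(path, headers, site_host, props):
    """Gate model: requests under an admin directory pass only with a Referer or Origin
    on the site's own host while the filter is on; with the filter off everything passes."""
    is_admin = any(path == p or path.startswith(p + "/") for p in ADMIN_PREFIXES)
    if not is_admin or not xss_protection_enabled(props):
        return True
    for name in ("Referer", "Origin"):
        value = headers.get(name)
        if value and urlparse(value).hostname == site_host:
            return True
    return False


def audit(props):
    """Return (severity, message) findings a defender would want from a config review."""
    findings = []
    if not xss_protection_enabled(props):
        findings.append(("high", "XSS_PROTECTION_ENABLED=false disables the XSSFilter; "
                                 "reflected XSS in the admin portal becomes exploitable"))
    return findings


# Constructed sample configs: the weak setting beside the default-on (hardened) one.
WEAK_CONFIG = "# operator override\nXSS_PROTECTION_ENABLED=false\n"
HARDENED_CONFIG = "# default, filter active\nXSS_PROTECTION_ENABLED=true\n"
```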
Source: This report was generated using AI