CVE-2020-17542

Cross Site Scripting (XSS) in dotCMS v5.1.5 allows remote attackers to execute arbitrary code by injecting a malicious payload into the «Task Detail» comment window of the «/dotAdmin/#/c/workflow» component.