CVE-2019-11846 (dotcms)

/servlets/ajax_file_upload?fieldName=binary3 in dotCMS 5.1.1 allows XSS and HTML Injection.
Source: NIST
CVE-2019-11846 (dotcms)