| Issue: | |
|---|---|
| Date: | |
| Severity: | Medium |
| Requires Admin Access: | No |
| Fix Version: | TBD |
| Credit: | Johannes Moritz - RIPS TECHNOLOGIES GMBH |
| Description: | A URL of the attacker's choice can be passed as a parameter to a specific dotCMS endpoint. The endpoint answers with a 302 redirect whose Location header is that URL, so the browser follows it off-site. This is a client-side open redirect (see https://www.owasp.org/index.php/Testing_for_Client_Side_URL_Redirect_(OTG-CLIENT-004)) and could be used as part of a phishing attack, or to send the user to a page that serves malware, from a link that appears to point at a trusted dotCMS host. To exploit this vulnerability the victim must be logged into the dotCMS backend, so the attacker has to get an authenticated backend user to follow the crafted link. Status of this issue can be tracked here: https://github.com/dotCMS/core/issues/15810 |
| Mitigation: | Application firewall: until a fix version is available, block requests to the affected endpoint whose redirect parameter carries an absolute or protocol-relative URL that does not point at the dotCMS host itself. |
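The following is an added example, not dotCMS code or part of this advisory: a Python model of the redirect pattern described above (the parameter is copied verbatim into the 302 Location), beside a validator that only lets same-host targets through. The advisory does not name the endpoint or parameter, so `redirect_param` and the `/dotAdmin/` landing path are hypothetical. The validator goes beyond the advisory's single case to cover the usual parser-differential bypasses a tester would try (protocol-relative `//host`, backslashes, `userinfo@host`, `javascript:` schemes, and tab/newline characters that browsers strip before parsing).

```python
"""Open redirect: the vulnerable pattern beside a hardened same-host check.

Added example, not dotCMS code. The advisory names neither the endpoint nor
the parameter, so `redirect_param` and DEFAULT_LANDING are hypothetical.
"""
from urllib.parse import urlsplit, urlunsplit

# Hypothetical default landing page used when a supplied target is rejected.
DEFAULT_LANDING = "/dotAdmin/"
ALLOWED_SCHEMES = ("http", "https")


def vulnerable_location(redirect_param: str) -> str:
    """The pattern the advisory describes: the parameter becomes the 302
    Location header verbatim, so any absolute URL sends the user off-site."""
    return redirect_param


def safe_location(redirect_param: str, own_host: str,
                  default: str = DEFAULT_LANDING) -> str:
    """Return a redirect target that stays on own_host, or `default`.

    Accepted targets are rebuilt as a same-site path (no scheme, host,
    userinfo or port), so nothing the client controlled reaches the
    authority part of the Location header.
    """
    if not redirect_param:
        return default
    # Browsers drop tab/CR/LF before parsing, so "/\t/evil.example" would
    # become "//evil.example". Spaces must arrive percent-encoded anyway.
    if any(ord(ch) <= 0x20 or ord(ch) == 0x7F for ch in redirect_param):
        return default
    # In browsers a backslash is a slash for http(s): "/\evil" == "//evil".
    candidate = redirect_param.replace("\\", "/")
    # Protocol-relative: browsers skip any number of leading slashes and
    # read the host that follows ("//evil.example", "///evil.example").
    if candidate.startswith("//"):
        return default
    try:
        parts = urlsplit(candidate)
    except ValueError:          # e.g. malformed bracketed IPv6 host
        return default
    if parts.scheme:
        if parts.scheme.lower() not in ALLOWED_SCHEMES:
            return default      # javascript:, data:, mailto:, ...
        # "https:///evil.example" has an empty netloc in Python's parser
        # but resolves to evil.example in a browser.
        if not parts.netloc:
            return default
        # .hostname strips userinfo and port, so
        # "https://www.example.com@evil.example/" compares as evil.example.
        if (parts.hostname or "").lower() != own_host.lower():
            return default
    elif parts.netloc:
        return default          # defensive; "//" is already rejected above
    path = parts.path or "/"
    # "https://own.host//evil.example" has path "//evil.example"; rebuilt
    # without scheme and host it would be protocol-relative again.
    if not path.startswith("/") or path.startswith("//"):
        return default
    return urlunsplit(("", "", path, parts.query, parts.fragment))


if __name__ == "__main__":
    # Constructed inputs a tester would send to the redirect parameter.
    host = "www.example.com"
    for sample in ("/dotAdmin/#/c/pages",
                   "https://www.example.com/c/portal/layout?p_l_id=1",
                   "https://evil.example/", "//evil.example",
                   "/\\evil.example", "https://www.example.com@evil.example/",
                   "javascript:alert(1)", "/\t/evil.example"):
        print(f"{sample!r:50} vulnerable -> {vulnerable_location(sample)!r:50} "
              f"safe -> {safe_location(sample, host)!r}")
```

The rebuild-as-path step is the part that matters: comparing hostnames and then echoing the original string would still let userinfo, ports or a double-slash path reach the Location header. An application-firewall rule that rejects anything the validator above would reject (absolute or protocol-relative targets not on the dotCMS host) gives the same coverage at the edge until a fixed version ships.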