Issues » Reflected XSS Vulnerability in referer_js.jsp

Issue: SI-49
Date: Jan 24, 2019, 4:00:00 AM
Severity: Medium
Requires Admin Access: Yes
Fix Version: 5.1.0
Credit: Johannes Moritz - RIPS TECHNOLOGIES GMBH
Description:

A reflected (non-persistent) cross-site scripting (XSS) vulnerability exists in /html/common/referer_common.jsp.

Status can be tracked here: https://github.com/dotCMS/core/issues/15870

Mitigation:
  1. dotCMS 5.2 and above ships with an XSS prevention filter that validates incoming requests to admin URLs. If the incoming request does not include a valid Referer or Origin header, the filter blocks the request. In essence, this blocks an attacker's ability to remotely trigger an XSS or referer vulnerability from a domain outside of the administrative panel.

    Versions of dotCMS < 5.2 can install the CSRF OSGi plugin, which does the same work as the XSS prevention filter.

  2. Delete /html/common/referer_common.jsp from dotCMS deployment
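
The decision logic of a Referer/Origin check like the one described in mitigation 1, as an added illustration; this is not dotCMS's filter code. The class name, the protected prefix list, the trusted host `cms.example.com` and the sample requests are assumptions constructed for the example.

```java
import java.net.URI;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Set;

// Added illustration, not dotCMS source code.
class AdminOriginCheck {
    // Assumptions: "/html/" comes from the path in this advisory; the host is a constructed sample.
    static final List<String> PROTECTED_PREFIXES = List.of("/html/");
    static final Set<String> TRUSTED_HOSTS = Set.of("cms.example.com");

    // True when the request may proceed. The path is assumed already normalized by the
    // container; header names are assumed canonicalized to "Origin" / "Referer".
    static boolean allow(String path, Map<String, String> headers) {
        if (PROTECTED_PREFIXES.stream().noneMatch(path::startsWith)) return true;
        String source = headers.get("Origin");
        if (source == null) source = headers.get("Referer");
        if (source == null) return false;             // neither header present: block
        String host = hostOf(source);
        return host != null && TRUSTED_HOSTS.contains(host);
    }

    // Parse the header as a URI and return its exact host, or null if unusable.
    // Comparing the parsed host avoids substring pitfalls such as
    // "cms.example.com.evil.test" or "cms.example.com@evil.test".
    static String hostOf(String value) {
        try {
            URI u = URI.create(value.trim());
            String scheme = u.getScheme();
            if (scheme == null || u.getHost() == null) return null;   // covers "Origin: null"
            if (!scheme.equalsIgnoreCase("http") && !scheme.equalsIgnoreCase("https")) return null;
            return u.getHost().toLowerCase(Locale.ROOT);
        } catch (IllegalArgumentException e) {
            return null;                              // malformed header counts as invalid
        }
    }

    public static void main(String[] args) {
        String p = "/html/common/referer_common.jsp";
        System.out.println("same-host Referer:  " + allow(p, Map.of("Referer", "https://cms.example.com/admin")));
        System.out.println("no headers:         " + allow(p, Map.of()));
        System.out.println("Origin null:        " + allow(p, Map.of("Origin", "null")));
        System.out.println("look-alike host:    " + allow(p, Map.of("Referer", "https://cms.example.com.evil.test/")));
        System.out.println("userinfo trick:     " + allow(p, Map.of("Origin", "https://cms.example.com@evil.test")));
        System.out.println("unprotected path:   " + allow("/index", Map.of()));
    }
}
```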
References: n/a
