CVE-2019-11846

/servlets/ajax_file_upload?fieldName=binary3 in dotCMS 5.1.1 allows XSS and HTML Injection.

Source: CVE-2019-11846