Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
dotcms dotcms vulnerabilities and exploits
(subscribe to this query)
383
VMScore
CVE-2013-3484
Multiple cross-site scripting (XSS) vulnerabilities in dotCMS prior to 2.3.2 allow remote malicious users to inject arbitrary web script or HTML via the (1) _loginUserName parameter to application/login/login.html, (2) my_account_login parameter to c/portal_public/login, or (3) e...
Dotcms Dotcms 2.0
Dotcms Dotcms 2.1.1
Dotcms Dotcms
Dotcms Dotcms 2.3
Dotcms Dotcms 2.2
Dotcms Dotcms 2.1
Dotcms Dotcms 2.0.1
Dotcms Dotcms 1.9.5.1
Dotcms Dotcms 2.2.1
383
VMScore
CVE-2008-2397
Cross-site scripting (XSS) vulnerability in search-results.dot in dotCMS 1.x allows remote malicious users to inject arbitrary web script or HTML via the search_query parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party ...
Dotcms Dotcms 1.0
Dotcms Dotcms 1.2.0
Dotcms Dotcms 1.6.0.3
Dotcms Dotcms 1.6.0.4
Dotcms Dotcms 1.5.1.1
Dotcms Dotcms 1.6
Dotcms Dotcms 1.5.0
Dotcms Dotcms 1.5.1
Dotcms Dotcms 1.6.0.1
Dotcms Dotcms 1.6.0.2
NA
CVE-2023-3042
In dotCMS, versions mentioned, a flaw in the NormalizationFilter does not strip double slashes (//) from URLs, potentially enabling bypasses for XSS and access controls. An example affected URL is https://demo.dotcms.com//html/portlet/ext/files/edit_text_inc.jsp https://demo.dotc...
Dotcms Dotcms 23.01
Dotcms Dotcms 5.3.8
Dotcms Dotcms 21.06
Dotcms Dotcms 22.03
534
VMScore
CVE-2012-1826
dotCMS 1.9 prior to 1.9.5.1 allows remote authenticated users to execute arbitrary Java code via a crafted (1) XSLT or (2) Velocity template.
Dotcms Dotcms 1.9.2.1
Dotcms Dotcms 1.9
578
VMScore
CVE-2020-18875
Incorrect Access Control in DotCMS versions prior to 5.1 allows remote malicious users to gain privileges by injecting client configurations via vtl (velocity) files.
Dotcms Dotcms
890
VMScore
CVE-2020-19138
Unrestricted Upload of File with Dangerous Type in DotCMS v5.2.3 and previous versions allow remote malicious users to execute arbitrary code via the component "/src/main/java/com/dotmarketing/filters/CMSFilter.java".
Dotcms Dotcms
578
VMScore
CVE-2019-12872
dotCMS prior to 5.1.6 is vulnerable to a SQL injection that can be exploited by an attacker of the role Publisher via view_unpushed_bundles.jsp.
Dotcms Dotcms
578
VMScore
CVE-2016-10008
SQL injection vulnerability in the "Content Types > Content Types" screen in dotCMS prior to 3.7.2 and 4.x prior to 4.1.1 allows remote authenticated administrators to execute arbitrary SQL commands via the _EXT_STRUCTURE_direction parameter.
Dotcms Dotcms
668
VMScore
CVE-2020-6754
dotCMS prior to 5.2.4 is vulnerable to directory traversal, leading to incorrect access control. It allows an malicious user to read or execute files under $TOMCAT_HOME/webapps/ROOT/assets (which should be a protected directory). Additionally, attackers can upload temporary files...
Dotcms Dotcms
356
VMScore
CVE-2016-3688
SQL injection vulnerability in dotCMS prior to 3.5 allows remote administrators to execute arbitrary SQL commands via the c0-e3 parameter to dwr/call/plaincall/UserAjax.getUsersList.dwr.
Dotcms Dotcms
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »