Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
dotcms dotcms vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2013-3484
Multiple cross-site scripting (XSS) vulnerabilities in dotCMS prior to 2.3.2 allow remote malicious users to inject arbitrary web script or HTML via the (1) _loginUserName parameter to application/login/login.html, (2) my_account_login parameter to c/portal_public/login, or (3) e...
Dotcms Dotcms 2.0
Dotcms Dotcms 2.1.1
Dotcms Dotcms
Dotcms Dotcms 2.3
Dotcms Dotcms 2.2
Dotcms Dotcms 2.1
Dotcms Dotcms 2.0.1
Dotcms Dotcms 1.9.5.1
Dotcms Dotcms 2.2.1
4.3
CVSSv2
CVE-2008-2397
Cross-site scripting (XSS) vulnerability in search-results.dot in dotCMS 1.x allows remote malicious users to inject arbitrary web script or HTML via the search_query parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party ...
Dotcms Dotcms 1.0
Dotcms Dotcms 1.2.0
Dotcms Dotcms 1.6.0.3
Dotcms Dotcms 1.6.0.4
Dotcms Dotcms 1.5.1.1
Dotcms Dotcms 1.6
Dotcms Dotcms 1.5.0
Dotcms Dotcms 1.5.1
Dotcms Dotcms 1.6.0.1
Dotcms Dotcms 1.6.0.2
NA
CVE-2023-3042
In dotCMS, versions mentioned, a flaw in the NormalizationFilter does not strip double slashes (//) from URLs, potentially enabling bypasses for XSS and access controls. An example affected URL is https://demo.dotcms.com//html/portlet/ext/files/edit_text_inc.jsp https://demo.dotc...
Dotcms Dotcms 23.01
Dotcms Dotcms 5.3.8
Dotcms Dotcms 21.06
Dotcms Dotcms 22.03
6
CVSSv2
CVE-2012-1826
dotCMS 1.9 prior to 1.9.5.1 allows remote authenticated users to execute arbitrary Java code via a crafted (1) XSLT or (2) Velocity template.
Dotcms Dotcms 1.9.2.1
Dotcms Dotcms 1.9
6.5
CVSSv2
CVE-2016-10007
SQL injection vulnerability in the "Marketing > Forms" screen in dotCMS prior to 3.7.2 and 4.x prior to 4.1.1 allows remote authenticated administrators to execute arbitrary SQL commands via the _EXT_FORM_HANDLER_orderBy parameter.
Dotcms Dotcms
6.5
CVSSv2
CVE-2016-10008
SQL injection vulnerability in the "Content Types > Content Types" screen in dotCMS prior to 3.7.2 and 4.x prior to 4.1.1 allows remote authenticated administrators to execute arbitrary SQL commands via the _EXT_STRUCTURE_direction parameter.
Dotcms Dotcms
4
CVSSv2
CVE-2016-3688
SQL injection vulnerability in dotCMS prior to 3.5 allows remote administrators to execute arbitrary SQL commands via the c0-e3 parameter to dwr/call/plaincall/UserAjax.getUsersList.dwr.
Dotcms Dotcms
5
CVSSv2
CVE-2016-4803
CRLF injection vulnerability in the send email functionality in dotCMS prior to 3.3.2 allows remote malicious users to inject arbitrary email headers via CRLF sequences in the subject.
Dotcms Dotcms
3.5
CVSSv2
CVE-2016-3971
Cross-site scripting (XSS) vulnerability in lucene_search.jsp in dotCMS prior to 3.5.1 allows remote malicious users to inject arbitrary web script or HTML via the query parameter to c/portal/layout.
Dotcms Dotcms
4
CVSSv2
CVE-2016-3972
Directory traversal vulnerability in the dotTailLogServlet in dotCMS prior to 3.5.1 allows remote authenticated administrators to read arbitrary files via a .. (dot dot) in the fileName parameter.
Dotcms Dotcms
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »