Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
dotcms dotcms vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2016-4803
CRLF injection vulnerability in the send email functionality in dotCMS prior to 3.3.2 allows remote malicious users to inject arbitrary email headers via CRLF sequences in the subject.
Dotcms Dotcms
5.8
CVSSv2
CVE-2018-17422
dotCMS prior to 5.0.2 has open redirects via the html/common/forward_js.jsp FORWARD_URL parameter or the html/portlet/ext/common/page_preview_popup.jsp hostname parameter.
Dotcms Dotcms
NA
CVE-2022-37033
In dotCMS 5.x-22.06, TempFileAPI allows a user to create a temporary file based on a passed in URL, while attempting to block any SSRF access to local IP addresses or private subnets. In resolving this URL, the TempFileAPI follows any 302 redirects that the remote URL returns. Be...
Dotcms Dotcms
NA
CVE-2022-37034
In dotCMS 5.x-22.06, it is possible to call the TempResource multiple times, each time requesting the dotCMS server to download a large file. If done repeatedly, this will result in Tomcat request-thread exhaustion and ultimately a denial of any other requests.
Dotcms Dotcms
7.5
CVSSv2
CVE-2017-5344
An issue exists in dotCMS up to and including 3.6.1. The findChildrenByFilter() function which is called by the web accessible path /categoriesServlet performs string interpolation and direct SQL query execution. SQL quote escaping and a keyword blacklist were implemented in a ne...
Dotcms Dotcms
1 EDB exploit
3.5
CVSSv2
CVE-2018-19554
An issue exists in Dotcms up to and including 5.0.3. Attackers may perform XSS attacks via the inode, identifier, or fieldName parameter in html/js/dotcms/dijit/image/image_tool.jsp.
Dotcms Dotcms
6.5
CVSSv2
CVE-2020-18875
Incorrect Access Control in DotCMS versions prior to 5.1 allows remote malicious users to gain privileges by injecting client configurations via vtl (velocity) files.
Dotcms Dotcms
4
CVSSv2
CVE-2019-12309
dotCMS prior to 5.1.0 has a path traversal vulnerability exploitable by an administrator to create files. The vulnerability is caused by the insecure extraction of a ZIP archive.
Dotcms Dotcms
7.5
CVSSv2
CVE-2016-2355
SQL injection vulnerability in the REST API in dotCMS prior to 3.3.2 allows remote malicious users to execute arbitrary SQL commands via the stName parameter to api/content/save/1.
Dotcms Dotcms
1 Github repository
6.8
CVSSv2
CVE-2017-3187
The dotCMS administration panel, versions 3.7.1 and previous versions, are vulnerable to cross-site request forgery. The dotCMS administrator panel contains a cross-site request forgery (CSRF) vulnerability. An attacker can perform actions with the same permissions as a victim us...
Dotcms Dotcms
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5324
path traversal
CVE-2024-4743
CVE-2024-5184
TCP
CVE-2024-27822
code injection
CVE-2024-28995
CVE-2023-20938
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »