Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
dotcms dotcms vulnerabilities and exploits
(subscribe to this query)
383
VMScore
CVE-2019-11846
/servlets/ajax_file_upload?fieldName=binary3 in dotCMS 5.1.1 allows XSS and HTML Injection.
Dotcms Dotcms 5.1.1
383
VMScore
CVE-2017-5876
XSS exists in dotCMS 3.7.0, with an unauthenticated attack against the /news-events/events date parameter.
Dotcms Dotcms 3.7.0
383
VMScore
CVE-2017-6003
dotCMS 3.7.0 has XSS reachable from ext/languages_manager/edit_language in portal/layout via the bottom two form fields.
Dotcms Dotcms 3.7.0
312
VMScore
CVE-2020-35274
DotCMS Add Template with admin panel 20.11 is affected by cross-site Scripting (XSS) to gain remote privileges. An attacker could compromise the security of a website or web application through a stored XSS attack and stealing cookies using XSS.
Dotcms Dotcms 20.11
801
VMScore
CVE-2017-11466
Arbitrary file upload vulnerability in com/dotmarketing/servlets/AjaxFileUploadServlet.class in dotCMS 4.1.1 allows remote authenticated administrators to upload .jsp files to arbitrary locations via directory traversal sequences in the fieldName parameter to servlets/ajax_file_u...
Dotcms Dotcms 4.1.1
312
VMScore
CVE-2020-17542
Cross Site Scripting (XSS) in dotCMS v5.1.5 allows remote malicious users to execute arbitrary code by injecting a malicious payload into the "Task Detail" comment window of the "/dotAdmin/#/c/workflow" component.
Dotcms Dotcms 5.1.5
312
VMScore
CVE-2017-5875
XSS exists in dotCMS 3.7.0, with an authenticated attack against the /myAccount addressID parameter.
Dotcms Dotcms 3.7.0
383
VMScore
CVE-2017-5877
XSS exists in dotCMS 3.7.0, with an unauthenticated attack against the /about-us/locations/index direction parameter.
Dotcms Dotcms 3.7.0
312
VMScore
CVE-2017-15219
The dotCMS 4.1.1 application is vulnerable to Stored Cross-Site Scripting (XSS) affecting a vanity-urls Title field, a containers Description field, and a templates Description field.
Dotcms Dotcms 4.1.1
383
VMScore
CVE-2018-16980
dotCMS V5.0.1 has XSS in the /html/portlet/ext/contentlet/image_tools/index.jsp fieldName and inode parameters.
Dotcms Dotcms 5.0.1
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »