Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
dotcms dotcms vulnerabilities and exploits
(subscribe to this query)
3.5
CVSSv2
CVE-2021-35361
A reflected cross site scripting (XSS) vulnerability in dotAdmin/#/c/links of dotCMS 21.05.1 allows malicious users to execute arbitrary commands or HTML via a crafted payload.
Dotcms Dotcms 21.05.1
4.3
CVSSv2
CVE-2008-3708
Multiple directory traversal vulnerabilities in dotCMS 1.6.0.9 allow remote malicious users to read arbitrary files via a .. (dot dot) in the id parameter to (1) news/index.dot and (2) getting_started/macros/macros_detail.dot.
Dotcms Dotcms 1.6.0.9
1 EDB exploit
9
CVSSv2
CVE-2017-11466
Arbitrary file upload vulnerability in com/dotmarketing/servlets/AjaxFileUploadServlet.class in dotCMS 4.1.1 allows remote authenticated administrators to upload .jsp files to arbitrary locations via directory traversal sequences in the fieldName parameter to servlets/ajax_file_u...
Dotcms Dotcms 4.1.1
7.5
CVSSv2
CVE-2008-7220
Unspecified vulnerability in Prototype JavaScript framework (prototypejs) prior to 1.6.0.2 allows malicious users to make "cross-site ajax requests" via unknown vectors.
Prototypejs Prototype
Debian Debian Linux 5.0
Debian Debian Linux 6.0
2 Github repositories
NA
CVE-2024-3164
In dotCMS dashboard, the Tools and Log Files tabs under System ? Maintenance Portlet, which is and always has been an Admin portlet, is accessible to anyone with that portlet and not just to CMS Admins. Users that get site admin but not a system admin, should not have access to t...
NA
CVE-2024-3165
System->Maintenance-> Log Files in dotCMS dashboard is providing the username/password for database connections in the log output. Nevertheless, this is a moderate issue as it requires a backend admin as well as that dbs are locked down by environment. OWASP Top 10 - A05) I...
4.3
CVSSv2
CVE-2018-14041
In Bootstrap prior to 4.1.2, XSS is possible in the data-target property of scrollspy.
Getbootstrap Bootstrap
Getbootstrap Bootstrap 4.0.0
4 Github repositories
4.3
CVSSv2
CVE-2018-14040
In Bootstrap prior to 4.1.2, XSS is possible in the collapse data-parent attribute.
Debian Debian Linux 8.0
Getbootstrap Bootstrap
Getbootstrap Bootstrap 4.0.0
2 Github repositories
4.3
CVSSv2
CVE-2018-14042
In Bootstrap prior to 4.1.2, XSS is possible in the data-container property of tooltip.
Getbootstrap Bootstrap
Getbootstrap Bootstrap 4.0.0
2 Github repositories
4.3
CVSSv2
CVE-2019-8331
In Bootstrap prior to 3.4.1 and 4.3.x prior to 4.3.1, XSS is possible in the tooltip or popover data-template attribute.
Getbootstrap Bootstrap
F5 Big-ip Local Traffic Manager
F5 Big-ip Application Security Manager
F5 Big-ip Access Policy Manager
F5 Big-ip Advanced Firewall Manager
F5 Big-ip Analytics
F5 Big-ip Application Acceleration Manager
F5 Big-ip Domain Name System
F5 Big-ip Fraud Protection Service
F5 Big-ip Global Traffic Manager
F5 Big-ip Link Controller
F5 Big-ip Policy Enforcement Manager
F5 Big-ip Webaccelerator
F5 Big-ip Edge Gateway
Redhat Virtualization Manager 4.3
Tenable Tenable.sc
6 Github repositories
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-3400
deserialization
CVE-2024-21788
CVE-2023-42433
CVE-2024-21841
CVE-2024-22095
local file inclusion
memory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »