Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
dotcms vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2013-3484
Multiple cross-site scripting (XSS) vulnerabilities in dotCMS prior to 2.3.2 allow remote malicious users to inject arbitrary web script or HTML via the (1) _loginUserName parameter to application/login/login.html, (2) my_account_login parameter to c/portal_public/login, or (3) e...
Dotcms Dotcms 2.0
Dotcms Dotcms 2.1.1
Dotcms Dotcms
Dotcms Dotcms 2.3
Dotcms Dotcms 2.2
Dotcms Dotcms 2.1
Dotcms Dotcms 2.0.1
Dotcms Dotcms 1.9.5.1
Dotcms Dotcms 2.2.1
NA
CVE-2008-2397
Cross-site scripting (XSS) vulnerability in search-results.dot in dotCMS 1.x allows remote malicious users to inject arbitrary web script or HTML via the search_query parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party ...
Dotcms Dotcms 1.0
Dotcms Dotcms 1.2.0
Dotcms Dotcms 1.6.0.3
Dotcms Dotcms 1.6.0.4
Dotcms Dotcms 1.5.1.1
Dotcms Dotcms 1.6
Dotcms Dotcms 1.5.0
Dotcms Dotcms 1.5.1
Dotcms Dotcms 1.6.0.1
Dotcms Dotcms 1.6.0.2
6.1
CVSSv3
CVE-2023-3042
In dotCMS, versions mentioned, a flaw in the NormalizationFilter does not strip double slashes (//) from URLs, potentially enabling bypasses for XSS and access controls. An example affected URL is https://demo.dotcms.com//html/portlet/ext/files/edit_text_inc.jsp https://demo.dotc...
Dotcms Dotcms 23.01
Dotcms Dotcms 5.3.8
Dotcms Dotcms 21.06
Dotcms Dotcms 22.03
NA
CVE-2012-1826
dotCMS 1.9 prior to 1.9.5.1 allows remote authenticated users to execute arbitrary Java code via a crafted (1) XSLT or (2) Velocity template.
Dotcms Dotcms 1.9.2.1
Dotcms Dotcms 1.9
8.8
CVSSv3
CVE-2016-8904
SQL injection vulnerability in the "Site Browser > Containers pages" screen in dotCMS prior to 3.3.1 allows remote authenticated malicious users to execute arbitrary SQL commands via the orderby parameter.
Dotcms Dotcms
8.8
CVSSv3
CVE-2016-8908
SQL injection vulnerability in the "Site Browser > HTML pages" screen in dotCMS prior to 3.3.1 allows remote authenticated malicious users to execute arbitrary SQL commands via the orderby parameter.
Dotcms Dotcms
6.5
CVSSv3
CVE-2022-45783
An issue exists in dotCMS core 4.x up to and including 22.10.2. An authenticated directory traversal vulnerability in the dotCMS API can lead to Remote Code Execution.
Dotcms Dotcms
9.8
CVSSv3
CVE-2020-19138
Unrestricted Upload of File with Dangerous Type in DotCMS v5.2.3 and previous versions allow remote malicious users to execute arbitrary code via the component "/src/main/java/com/dotmarketing/filters/CMSFilter.java".
Dotcms Dotcms
9.8
CVSSv3
CVE-2020-6754
dotCMS prior to 5.2.4 is vulnerable to directory traversal, leading to incorrect access control. It allows an malicious user to read or execute files under $TOMCAT_HOME/webapps/ROOT/assets (which should be a protected directory). Additionally, attackers can upload temporary files...
Dotcms Dotcms
9.8
CVSSv3
CVE-2022-26352
An issue exists in the ContentResource API in dotCMS 3.0 up to and including 22.02. Attackers can craft a multipart form request to post a file whose filename is not initially sanitized. This allows directory traversal, in which the file is saved outside of the intended storage l...
Dotcms Dotcms
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »