Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
dotcms vulnerabilities and exploits
(subscribe to this query)
7.2
CVSSv3
CVE-2016-10007
SQL injection vulnerability in the "Marketing > Forms" screen in dotCMS prior to 3.7.2 and 4.x prior to 4.1.1 allows remote authenticated administrators to execute arbitrary SQL commands via the _EXT_FORM_HANDLER_orderBy parameter.
Dotcms Dotcms
7.2
CVSSv3
CVE-2016-10008
SQL injection vulnerability in the "Content Types > Content Types" screen in dotCMS prior to 3.7.2 and 4.x prior to 4.1.1 allows remote authenticated administrators to execute arbitrary SQL commands via the _EXT_STRUCTURE_direction parameter.
Dotcms Dotcms
6.1
CVSSv3
CVE-2022-37431
A Reflected Cross-site scripting (XSS) issue exists in dotCMS Core up to and including 22.06. This occurs in the admin portal when the configuration has XSS_PROTECTION_ENABLED=false. NOTE: the vendor disputes this because the current product behavior, in effect, has XSS_PROTECTIO...
Dotcms Dotcms
7.2
CVSSv3
CVE-2016-4040
SQL injection vulnerability in the Workflow Screen in dotCMS prior to 3.3.2 allows remote administrators to execute arbitrary SQL commands via the orderby parameter.
Dotcms Dotcms
6.5
CVSSv3
CVE-2022-37033
In dotCMS 5.x-22.06, TempFileAPI allows a user to create a temporary file based on a passed in URL, while attempting to block any SSRF access to local IP addresses or private subnets. In resolving this URL, the TempFileAPI follows any 302 redirects that the remote URL returns. Be...
Dotcms Dotcms
7.2
CVSSv3
CVE-2019-12872
dotCMS prior to 5.1.6 is vulnerable to a SQL injection that can be exploited by an attacker of the role Publisher via view_unpushed_bundles.jsp.
Dotcms Dotcms
6.5
CVSSv3
CVE-2017-3188
The dotCMS administration panel, versions 3.7.1 and previous versions, "Push Publishing" feature in Enterprise Pro is vulnerable to path traversal. When "Bundle" tar.gz archives uploaded to the Push Publishing feature are decompressed, the filenames of its con...
Dotcms Dotcms
8.8
CVSSv3
CVE-2017-3187
The dotCMS administration panel, versions 3.7.1 and previous versions, are vulnerable to cross-site request forgery. The dotCMS administrator panel contains a cross-site request forgery (CSRF) vulnerability. An attacker can perform actions with the same permissions as a victim us...
Dotcms Dotcms
8.1
CVSSv3
CVE-2017-3189
The dotCMS administration panel, versions 3.7.1 and previous versions, "Push Publishing" feature in Enterprise Pro is vulnerable to arbitrary file upload. When "Bundle" tar.gz archives uploaded to the Push Publishing feature are decompressed, there are no chec...
Dotcms Dotcms
8.8
CVSSv3
CVE-2022-45782
An issue exists in dotCMS core 5.3.8.5 up to and including 5.3.8.15 and 21.03 up to and including 22.10.1. A cryptographically insecure random generation algorithm for password-reset token generation leads to account takeover.
Dotcms Dotcms
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30051
remote
CVE-2024-27954
CVE-2023-51483
CVE-2023-47782
SSRF
CVE-2024-24715
CVE-2023-52424
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »