Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
dotcms vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2020-19138
Unrestricted Upload of File with Dangerous Type in DotCMS v5.2.3 and previous versions allow remote malicious users to execute arbitrary code via the component "/src/main/java/com/dotmarketing/filters/CMSFilter.java".
Dotcms Dotcms
8.8
CVSSv3
CVE-2020-18875
Incorrect Access Control in DotCMS versions prior to 5.1 allows remote malicious users to gain privileges by injecting client configurations via vtl (velocity) files.
Dotcms Dotcms
4.8
CVSSv3
CVE-2021-35360
A reflected cross site scripting (XSS) vulnerability in dotAdmin/#/c/containers of dotCMS 21.05.1 allows malicious users to execute arbitrary commands or HTML via a crafted payload.
Dotcms Dotcms 21.05.1
4.8
CVSSv3
CVE-2021-35361
A reflected cross site scripting (XSS) vulnerability in dotAdmin/#/c/links of dotCMS 21.05.1 allows malicious users to execute arbitrary commands or HTML via a crafted payload.
Dotcms Dotcms 21.05.1
4.8
CVSSv3
CVE-2021-35358
A stored cross site scripting (XSS) vulnerability in dotAdmin/#/c/c_Images of dotCMS 21.05.1 allows authenticated malicious users to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Title' and 'Filename' parameters.
Dotcms Dotcms 21.05.1
5.4
CVSSv3
CVE-2020-17542
Cross Site Scripting (XSS) in dotCMS v5.1.5 allows remote malicious users to execute arbitrary code by injecting a malicious payload into the "Task Detail" comment window of the "/dotAdmin/#/c/workflow" component.
Dotcms Dotcms 5.1.5
8.8
CVSSv3
CVE-2020-27848
dotCMS prior to 20.10.1 allows SQL injection, as demonstrated by the /api/v1/containers orderby parameter. The PaginatorOrdered classes that are used to paginate results of a REST endpoints do not sanitize the orderBy parameter and in some cases it is vulnerable to SQL injection ...
Dotcms Dotcms
4.8
CVSSv3
CVE-2020-35274
DotCMS Add Template with admin panel 20.11 is affected by cross-site Scripting (XSS) to gain remote privileges. An attacker could compromise the security of a website or web application through a stored XSS attack and stealing cookies using XSS.
Dotcms Dotcms 20.11
9.8
CVSSv3
CVE-2020-6754
dotCMS prior to 5.2.4 is vulnerable to directory traversal, leading to incorrect access control. It allows an malicious user to read or execute files under $TOMCAT_HOME/webapps/ROOT/assets (which should be a protected directory). Additionally, attackers can upload temporary files...
Dotcms Dotcms
7.2
CVSSv3
CVE-2019-12872
dotCMS prior to 5.1.6 is vulnerable to a SQL injection that can be exploited by an attacker of the role Publisher via view_unpushed_bundles.jsp.
Dotcms Dotcms
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »