Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
dotcms vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2018-14040
In Bootstrap prior to 4.1.2, XSS is possible in the collapse data-parent attribute.
Debian Debian Linux 8.0
Getbootstrap Bootstrap
Getbootstrap Bootstrap 4.0.0
2 Github repositories
6.1
CVSSv3
CVE-2018-14042
In Bootstrap prior to 4.1.2, XSS is possible in the data-container property of tooltip.
Getbootstrap Bootstrap
Getbootstrap Bootstrap 4.0.0
2 Github repositories
6.1
CVSSv3
CVE-2018-14041
In Bootstrap prior to 4.1.2, XSS is possible in the data-target property of scrollspy.
Getbootstrap Bootstrap
Getbootstrap Bootstrap 4.0.0
4 Github repositories
7.2
CVSSv3
CVE-2016-10008
SQL injection vulnerability in the "Content Types > Content Types" screen in dotCMS prior to 3.7.2 and 4.x prior to 4.1.1 allows remote authenticated administrators to execute arbitrary SQL commands via the _EXT_STRUCTURE_direction parameter.
Dotcms Dotcms
7.2
CVSSv3
CVE-2016-10007
SQL injection vulnerability in the "Marketing > Forms" screen in dotCMS prior to 3.7.2 and 4.x prior to 4.1.1 allows remote authenticated administrators to execute arbitrary SQL commands via the _EXT_FORM_HANDLER_orderBy parameter.
Dotcms Dotcms
5.4
CVSSv3
CVE-2017-15219
The dotCMS 4.1.1 application is vulnerable to Stored Cross-Site Scripting (XSS) affecting a vanity-urls Title field, a containers Description field, and a templates Description field.
Dotcms Dotcms 4.1.1
7.2
CVSSv3
CVE-2017-11466
Arbitrary file upload vulnerability in com/dotmarketing/servlets/AjaxFileUploadServlet.class in dotCMS 4.1.1 allows remote authenticated administrators to upload .jsp files to arbitrary locations via directory traversal sequences in the fieldName parameter to servlets/ajax_file_u...
Dotcms Dotcms 4.1.1
6.1
CVSSv3
CVE-2017-6003
dotCMS 3.7.0 has XSS reachable from ext/languages_manager/edit_language in portal/layout via the bottom two form fields.
Dotcms Dotcms 3.7.0
9.8
CVSSv3
CVE-2017-5344
An issue exists in dotCMS up to and including 3.6.1. The findChildrenByFilter() function which is called by the web accessible path /categoriesServlet performs string interpolation and direct SQL query execution. SQL quote escaping and a keyword blacklist were implemented in a ne...
Dotcms Dotcms
1 EDB exploit
5.4
CVSSv3
CVE-2017-5875
XSS exists in dotCMS 3.7.0, with an authenticated attack against the /myAccount addressID parameter.
Dotcms Dotcms 3.7.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »