Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
dotcms vulnerabilities and exploits
(subscribe to this query)
312
VMScore
CVE-2020-17542
Cross Site Scripting (XSS) in dotCMS v5.1.5 allows remote malicious users to execute arbitrary code by injecting a malicious payload into the "Task Detail" comment window of the "/dotAdmin/#/c/workflow" component.
Dotcms Dotcms 5.1.5
312
VMScore
CVE-2017-5875
XSS exists in dotCMS 3.7.0, with an authenticated attack against the /myAccount addressID parameter.
Dotcms Dotcms 3.7.0
383
VMScore
CVE-2017-5876
XSS exists in dotCMS 3.7.0, with an unauthenticated attack against the /news-events/events date parameter.
Dotcms Dotcms 3.7.0
383
VMScore
CVE-2017-5877
XSS exists in dotCMS 3.7.0, with an unauthenticated attack against the /about-us/locations/index direction parameter.
Dotcms Dotcms 3.7.0
383
VMScore
CVE-2017-6003
dotCMS 3.7.0 has XSS reachable from ext/languages_manager/edit_language in portal/layout via the bottom two form fields.
Dotcms Dotcms 3.7.0
383
VMScore
CVE-2018-16980
dotCMS V5.0.1 has XSS in the /html/portlet/ext/contentlet/image_tools/index.jsp fieldName and inode parameters.
Dotcms Dotcms 5.0.1
383
VMScore
CVE-2019-11846
/servlets/ajax_file_upload?fieldName=binary3 in dotCMS 5.1.1 allows XSS and HTML Injection.
Dotcms Dotcms 5.1.1
312
VMScore
CVE-2020-35274
DotCMS Add Template with admin panel 20.11 is affected by cross-site Scripting (XSS) to gain remote privileges. An attacker could compromise the security of a website or web application through a stored XSS attack and stealing cookies using XSS.
Dotcms Dotcms 20.11
312
VMScore
CVE-2021-35358
A stored cross site scripting (XSS) vulnerability in dotAdmin/#/c/c_Images of dotCMS 21.05.1 allows authenticated malicious users to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Title' and 'Filename' parameters.
Dotcms Dotcms 21.05.1
312
VMScore
CVE-2021-35360
A reflected cross site scripting (XSS) vulnerability in dotAdmin/#/c/containers of dotCMS 21.05.1 allows malicious users to execute arbitrary commands or HTML via a crafted payload.
Dotcms Dotcms 21.05.1
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-3400
deserialization
CVE-2024-21788
CVE-2023-42433
CVE-2024-21841
CVE-2024-22095
local file inclusion
memory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »