dotCMS 1.9 prior to 1.9.5.1 allows remote authenticated users to execute arbitrary Java code via a crafted (1) XSLT or (2) Velocity template.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
dotcms dotcms 1.9.2.1 |
||
dotcms dotcms 1.9 |