Vulnerabilities > Dotcms

DATE CVE VULNERABILITY TITLE RISK
2021-09-08 CVE-2020-19138 Unrestricted Upload of File with Dangerous Type vulnerability in Dotcms
Unrestricted Upload of File with Dangerous Type in DotCMS v5.2.3 and earlier allow remote attackers to execute arbitrary code via the component "/src/main/java/com/dotmarketing/filters/CMSFilter.java".
network
low complexity
dotcms CWE-434
critical
10.0
2021-08-18 CVE-2020-18875 Injection vulnerability in Dotcms
Incorrect Access Control in DotCMS versions before 5.1 allows remote attackers to gain privileges by injecting client configurations via vtl (velocity) files.
network
low complexity
dotcms CWE-74
6.5
2021-07-09 CVE-2021-35358 Cross-site Scripting vulnerability in Dotcms 21.05.1
A stored cross site scripting (XSS) vulnerability in dotAdmin/#/c/c_Images of dotCMS 21.05.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Title' and 'Filename' parameters.
network
dotcms CWE-79
3.5
2021-07-09 CVE-2021-35360 Cross-site Scripting vulnerability in Dotcms 21.05.1
A reflected cross site scripting (XSS) vulnerability in dotAdmin/#/c/containers of dotCMS 21.05.1 allows attackers to execute arbitrary commands or HTML via a crafted payload.
network
dotcms CWE-79
3.5
2021-07-09 CVE-2021-35361 Cross-site Scripting vulnerability in Dotcms 21.05.1
A reflected cross site scripting (XSS) vulnerability in dotAdmin/#/c/links of dotCMS 21.05.1 allows attackers to execute arbitrary commands or HTML via a crafted payload.
network
dotcms CWE-79
3.5
2021-04-23 CVE-2020-17542 Cross-site Scripting vulnerability in Dotcms 5.1.5
Cross Site Scripting (XSS) in dotCMS v5.1.5 allows remote attackers to execute arbitrary code by injecting a malicious payload into the "Task Detail" comment window of the "/dotAdmin/#/c/workflow" component.
network
dotcms CWE-79
3.5
2020-12-30 CVE-2020-27848 SQL Injection vulnerability in Dotcms
dotCMS before 20.10.1 allows SQL injection, as demonstrated by the /api/v1/containers orderby parameter.
network
low complexity
dotcms CWE-89
6.5
2020-12-21 CVE-2020-35274 Cross-site Scripting vulnerability in Dotcms 20.11
DotCMS Add Template with admin panel 20.11 is affected by cross-site Scripting (XSS) to gain remote privileges.
network
dotcms CWE-79
3.5
2020-02-05 CVE-2020-6754 Path Traversal vulnerability in Dotcms
dotCMS before 5.2.4 is vulnerable to directory traversal, leading to incorrect access control.
network
low complexity
dotcms CWE-22
7.5
2019-06-18 CVE-2019-12872 SQL Injection vulnerability in Dotcms
dotCMS before 5.1.6 is vulnerable to a SQL injection that can be exploited by an attacker of the role Publisher via view_unpushed_bundles.jsp.
network
low complexity
dotcms CWE-89
6.5