Vulnerabilities > Dotcms

DATE	CVE	VULNERABILITY TITLE	RISK
2022-11-10	CVE-2022-35740	Cross-site Scripting vulnerability in Dotcms dotCMS before 22.06 allows remote attackers to bypass intended access control and obtain sensitive information by using a semicolon in a URL to introduce a matrix parameter. network low complexity dotcms CWE-79	6.1
2022-07-17	CVE-2022-26352	Unrestricted Upload of File with Dangerous Type vulnerability in Dotcms An issue was discovered in the ContentResource API in dotCMS 3.0 through 22.02. network dotcms CWE-434	6.8
2021-09-08	CVE-2020-19138	Unrestricted Upload of File with Dangerous Type vulnerability in Dotcms Unrestricted Upload of File with Dangerous Type in DotCMS v5.2.3 and earlier allow remote attackers to execute arbitrary code via the component "/src/main/java/com/dotmarketing/filters/CMSFilter.java". network low complexity dotcms CWE-434 critical	10.0
2021-08-18	CVE-2020-18875	Injection vulnerability in Dotcms Incorrect Access Control in DotCMS versions before 5.1 allows remote attackers to gain privileges by injecting client configurations via vtl (velocity) files. network low complexity dotcms CWE-74	8.8
2021-07-09	CVE-2021-35358	Cross-site Scripting vulnerability in Dotcms 21.05.1 A stored cross site scripting (XSS) vulnerability in dotAdmin/#/c/c_Images of dotCMS 21.05.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Title' and 'Filename' parameters. network dotcms CWE-79	3.5
2021-07-09	CVE-2021-35360	Cross-site Scripting vulnerability in Dotcms 21.05.1 A reflected cross site scripting (XSS) vulnerability in dotAdmin/#/c/containers of dotCMS 21.05.1 allows attackers to execute arbitrary commands or HTML via a crafted payload. network dotcms CWE-79	3.5
2021-07-09	CVE-2021-35361	Cross-site Scripting vulnerability in Dotcms 21.05.1 A reflected cross site scripting (XSS) vulnerability in dotAdmin/#/c/links of dotCMS 21.05.1 allows attackers to execute arbitrary commands or HTML via a crafted payload. network dotcms CWE-79	3.5
2021-04-23	CVE-2020-17542	Cross-site Scripting vulnerability in Dotcms 5.1.5 Cross Site Scripting (XSS) in dotCMS v5.1.5 allows remote attackers to execute arbitrary code by injecting a malicious payload into the "Task Detail" comment window of the "/dotAdmin/#/c/workflow" component. network dotcms CWE-79	3.5
2020-12-30	CVE-2020-27848	SQL Injection vulnerability in Dotcms dotCMS before 20.10.1 allows SQL injection, as demonstrated by the /api/v1/containers orderby parameter. network low complexity dotcms CWE-89	6.5
2020-12-21	CVE-2020-35274	Cross-site Scripting vulnerability in Dotcms 20.11 DotCMS Add Template with admin panel 20.11 is affected by cross-site Scripting (XSS) to gain remote privileges. network dotcms CWE-79	3.5

Vulnerabilities > Dotcms {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Dotcms"}]}

Vulnerabilities > Dotcms