Vulnerabilities > Dotcms

DATE CVE VULNERABILITY TITLE RISK
2021-07-09 CVE-2021-35358 Cross-Site Scripting vulnerability in Dotcms 21.05.1
A stored cross site scripting (XSS) vulnerability in dotAdmin/#/c/c_Images of dotCMS 21.05.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Title' and 'Filename' parameters.
network
dotcms CWE-79
3.5
2021-07-09 CVE-2021-35360 Cross-Site Scripting vulnerability in Dotcms 21.05.1
A reflected cross site scripting (XSS) vulnerability in dotAdmin/#/c/containers of dotCMS 21.05.1 allows attackers to execute arbitrary commands or HTML via a crafted payload.
network
dotcms CWE-79
3.5
2021-07-09 CVE-2021-35361 Cross-Site Scripting vulnerability in Dotcms 21.05.1
A reflected cross site scripting (XSS) vulnerability in dotAdmin/#/c/links of dotCMS 21.05.1 allows attackers to execute arbitrary commands or HTML via a crafted payload.
network
dotcms CWE-79
3.5
2021-04-23 CVE-2020-17542 Cross-Site Scripting vulnerability in Dotcms 5.1.5
Cross Site Scripting (XSS) in dotCMS v5.1.5 allows remote attackers to execute arbitrary code by injecting a malicious payload into the "Task Detail" comment window of the "/dotAdmin/#/c/workflow" component.
network
dotcms CWE-79
3.5
2020-12-30 CVE-2020-27848 SQL Injection vulnerability in Dotcms
dotCMS before 20.10.1 allows SQL injection, as demonstrated by the /api/v1/containers orderby parameter.
network
low complexity
dotcms CWE-89
6.5
2020-12-21 CVE-2020-35274 Cross-Site Scripting vulnerability in Dotcms 20.11
DotCMS Add Template with admin panel 20.11 is affected by cross-site Scripting (XSS) to gain remote privileges.
network
dotcms CWE-79
3.5
2020-02-05 CVE-2020-6754 Path Traversal vulnerability in Dotcms
dotCMS before 5.2.4 is vulnerable to directory traversal, leading to incorrect access control.
network
low complexity
dotcms CWE-22
7.5
2019-06-18 CVE-2019-12872 SQL Injection vulnerability in Dotcms
dotCMS before 5.1.6 is vulnerable to a SQL injection that can be exploited by an attacker of the role Publisher via view_unpushed_bundles.jsp.
network
low complexity
dotcms CWE-89
6.5
2019-05-23 CVE-2019-12309 Path Traversal vulnerability in Dotcms
dotCMS before 5.1.0 has a path traversal vulnerability exploitable by an administrator to create files.
network
low complexity
dotcms CWE-22
4.0
2019-05-14 CVE-2019-11846 Cross-Site Scripting vulnerability in Dotcms 5.1.1
/servlets/ajax_file_upload?fieldName=binary3 in dotCMS 5.1.1 allows XSS and HTML Injection.
network
dotcms CWE-79
4.3