Vulnerabilities > Dotcms > Dotcms > 21.05.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-02-01 | CVE-2022-45782 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Dotcms An issue was discovered in dotCMS core 5.3.8.5 through 5.3.8.15 and 21.03 through 22.10.1. | 8.8 |
| 2023-02-01 | CVE-2022-45783 | Path Traversal vulnerability in Dotcms An issue was discovered in dotCMS core 4.x through 22.10.2. | 6.5 |
| 2022-08-05 | CVE-2022-37431 | Cross-site Scripting vulnerability in Dotcms A Reflected Cross-site scripting (XSS) issue was discovered in dotCMS Core through 22.06. | 6.1 |
| 2022-07-17 | CVE-2022-26352 | Unspecified vulnerability in Dotcms An issue was discovered in the ContentResource API in dotCMS 3.0 through 22.02. | 9.8 |
| 2021-07-09 | CVE-2021-35358 | Cross-site Scripting vulnerability in Dotcms 21.05.1 A stored cross site scripting (XSS) vulnerability in dotAdmin/#/c/c_Images of dotCMS 21.05.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Title' and 'Filename' parameters. | 3.5 |
| 2021-07-09 | CVE-2021-35360 | Cross-site Scripting vulnerability in Dotcms 21.05.1 A reflected cross site scripting (XSS) vulnerability in dotAdmin/#/c/containers of dotCMS 21.05.1 allows attackers to execute arbitrary commands or HTML via a crafted payload. | 3.5 |
| 2021-07-09 | CVE-2021-35361 | Cross-site Scripting vulnerability in Dotcms 21.05.1 A reflected cross site scripting (XSS) vulnerability in dotAdmin/#/c/links of dotCMS 21.05.1 allows attackers to execute arbitrary commands or HTML via a crafted payload. | 3.5 |