Vulnerabilities > Dotcms > Dotcms > 21.09

DATE CVE VULNERABILITY TITLE RISK
2024-07-25 CVE-2024-3938 Cross-site Scripting vulnerability in Dotcms
The "reset password" login page accepted an HTML injection via URL parameters. This has already been rectified via patch, and as such it cannot be demonstrated via Demo site link.
network
low complexity
dotcms CWE-79
6.1
6.1
2023-02-01 CVE-2022-45782 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Dotcms
An issue was discovered in dotCMS core 5.3.8.5 through 5.3.8.15 and 21.03 through 22.10.1.
network
low complexity
dotcms CWE-338
8.8
8.8
2023-02-01 CVE-2022-45783 Path Traversal vulnerability in Dotcms
An issue was discovered in dotCMS core 4.x through 22.10.2.
local
low complexity
dotcms CWE-22
6.5
6.5
2022-08-05 CVE-2022-37431 Cross-site Scripting vulnerability in Dotcms
A Reflected Cross-site scripting (XSS) issue was discovered in dotCMS Core through 22.06.
network
low complexity
dotcms CWE-79
6.1
6.1
2022-07-17 CVE-2022-26352 Unspecified vulnerability in Dotcms
An issue was discovered in the ContentResource API in dotCMS 3.0 through 22.02.
network
low complexity
dotcms
critical
 9.8
9.8