Vulnerabilities > Dotcms > Dotcms > 22.03.2
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-02-01 | CVE-2022-37034 | Uncontrolled Recursion vulnerability in Dotcms 22.03/22.03.2. In dotCMS 5.x-22.06, it is possible to call the TempResource multiple times, each time requesting the dotCMS server to download a large file. | 5.3 |
2023-02-01 | CVE-2022-37033 | Server-Side Request Forgery (SSRF) vulnerability in Dotcms 22.03/22.03.2. In dotCMS 5.x-22.06, TempFileAPI allows a user to create a temporary file based on a passed in URL, while attempting to block any SSRF access to local IP addresses or private subnets. | 6.5 |
2023-02-01 | CVE-2022-45783 | Path Traversal vulnerability in Dotcms. An issue was discovered in dotCMS core 4.x through 22.10.2. | 6.5 |
2022-11-10 | CVE-2022-35740 | Cross-site Scripting vulnerability in Dotcms. dotCMS before 22.06 allows remote attackers to bypass intended access control and obtain sensitive information by using a semicolon in a URL to introduce a matrix parameter. | 6.1 |
2022-08-05 | CVE-2022-37431 | Cross-site Scripting vulnerability in Dotcms. A Reflected Cross-site scripting (XSS) issue was discovered in dotCMS Core through 22.06. | 6.1 |