Vulnerabilities > Dotcms > Dotcms > 3.3.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-04-18 | CVE-2016-3972 | Path Traversal vulnerability in Dotcms Directory traversal vulnerability in the dotTailLogServlet in dotCMS before 3.5.1 allows remote authenticated administrators to read arbitrary files via a .. | 4.0 |
| 2016-04-18 | CVE-2016-3971 | Cross-site Scripting vulnerability in Dotcms Cross-site scripting (XSS) vulnerability in lucene_search.jsp in dotCMS before 3.5.1 allows remote attackers to inject arbitrary web script or HTML via the query parameter to c/portal/layout. | 3.5 |