Vulnerabilities > Dotcms > Dotcms > 5.1.1

DATE CVE VULNERABILITY TITLE RISK
2023-02-01 CVE-2022-45783 Path Traversal vulnerability in Dotcms
An issue was discovered in dotCMS core 4.x through 22.10.2.
Risk: local, low complexity, dotcms, CWE-22, 6.5

2022-08-05 CVE-2022-37431 Cross-site Scripting vulnerability in Dotcms
A Reflected Cross-site scripting (XSS) issue was discovered in dotCMS Core through 22.06.
Risk: network, low complexity, dotcms, CWE-79, 6.1

2022-07-17 CVE-2022-26352 Unspecified vulnerability in Dotcms
An issue was discovered in the ContentResource API in dotCMS 3.0 through 22.02.
Risk: network, low complexity, dotcms, critical, 9.8

2021-09-08 CVE-2020-19138 Unrestricted Upload of File with Dangerous Type vulnerability in Dotcms
Unrestricted Upload of File with Dangerous Type in DotCMS v5.2.3 and earlier allows remote attackers to execute arbitrary code via the component "/src/main/java/com/dotmarketing/filters/CMSFilter.java".
Risk: network, low complexity, dotcms, CWE-434, critical, 10.0

2020-12-30 CVE-2020-27848 SQL Injection vulnerability in Dotcms
dotCMS before 20.10.1 allows SQL injection, as demonstrated by the /api/v1/containers orderby parameter.
Risk: network, low complexity, dotcms, CWE-89, 6.5

2020-02-05 CVE-2020-6754 Path Traversal vulnerability in Dotcms
dotCMS before 5.2.4 is vulnerable to directory traversal, leading to incorrect access control.
Risk: network, low complexity, dotcms, CWE-22, 7.5

2019-06-18 CVE-2019-12872 SQL Injection vulnerability in Dotcms
dotCMS before 5.1.6 is vulnerable to a SQL injection that can be exploited by an attacker of the role Publisher via view_unpushed_bundles.jsp.
Risk: network, low complexity, dotcms, CWE-89, 6.5

2019-05-14 CVE-2019-11846 Cross-site Scripting vulnerability in Dotcms 5.1.1
/servlets/ajax_file_upload?fieldName=binary3 in dotCMS 5.1.1 allows XSS and HTML Injection.
Risk: network, dotcms, CWE-79, 4.3