Vulnerabilities > Dotcms > Dotcms > 5.2.7

DATE CVE VULNERABILITY TITLE RISK
2023-02-01 CVE-2022-45783 Path Traversal vulnerability in Dotcms
An issue was discovered in dotCMS core 4.x through 22.10.2.
local
low complexity
dotcms CWE-22
6.5
6.5
2022-08-05 CVE-2022-37431 Cross-site Scripting vulnerability in Dotcms
A Reflected Cross-site scripting (XSS) issue was discovered in dotCMS Core through 22.06.
network
low complexity
dotcms CWE-79
6.1
6.1
2022-07-17 CVE-2022-26352 Unspecified vulnerability in Dotcms
An issue was discovered in the ContentResource API in dotCMS 3.0 through 22.02.
network
low complexity
dotcms
critical
 9.8
9.8
2020-12-30 CVE-2020-27848 SQL Injection vulnerability in Dotcms
dotCMS before 20.10.1 allows SQL injection, as demonstrated by the /api/v1/containers orderby parameter.
network
low complexity
dotcms CWE-89
6.5
6.5