Vulnerabilities > Dotcms > Dotcms > 5.2.8.2
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-07-25 | CVE-2024-3938 | Cross-site Scripting vulnerability in Dotcms The "reset password" login page accepted an HTML injection via URL parameters. This has already been rectified via patch, and as such it cannot be demonstrated via Demo site link. | 6.1 |
| 2023-02-01 | CVE-2022-37034 | Uncontrolled Recursion vulnerability in Dotcms In dotCMS 5.x-22.06, it is possible to call the TempResource multiple times, each time requesting the dotCMS server to download a large file. | 5.3 |
| 2023-02-01 | CVE-2022-37033 | Server-Side Request Forgery (SSRF) vulnerability in Dotcms In dotCMS 5.x-22.06, TempFileAPI allows a user to create a temporary file based on a passed in URL, while attempting to block any SSRF access to local IP addresses or private subnets. | 6.5 |
| 2023-02-01 | CVE-2022-45783 | Path Traversal vulnerability in Dotcms An issue was discovered in dotCMS core 4.x through 22.10.2. | 6.5 |
| 2022-08-05 | CVE-2022-37431 | Cross-site Scripting vulnerability in Dotcms A Reflected Cross-site scripting (XSS) issue was discovered in dotCMS Core through 22.06. | 6.1 |
| 2022-07-17 | CVE-2022-26352 | Unspecified vulnerability in Dotcms An issue was discovered in the ContentResource API in dotCMS 3.0 through 22.02. | 9.8 |
| 2020-12-30 | CVE-2020-27848 | SQL Injection vulnerability in Dotcms dotCMS before 20.10.1 allows SQL injection, as demonstrated by the /api/v1/containers orderby parameter. | 8.8 |