Vulnerabilities > Dotcms > Dotcms
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2012-06-08 | CVE-2012-1826 | Permissions, Privileges, and Access Controls vulnerability in Dotcms 1.9/1.9.2.1 dotCMS 1.9 before 1.9.5.1 allows remote authenticated users to execute arbitrary Java code via a crafted (1) XSLT or (2) Velocity template. | 6.0 |
2008-08-19 | CVE-2008-3708 | Path Traversal vulnerability in Dotcms 1.6.0.9 Multiple directory traversal vulnerabilities in dotCMS 1.6.0.9 allow remote attackers to read arbitrary files via a .. | 4.3 |
2008-05-21 | CVE-2008-2397 | Cross-Site Scripting vulnerability in Dotcms Cross-site scripting (XSS) vulnerability in search-results.dot in dotCMS 1.x allows remote attackers to inject arbitrary web script or HTML via the search_query parameter. | 4.3 |