Vulnerabilities > Dotcms
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-08-18 | CVE-2020-18875 | Injection vulnerability in Dotcms Incorrect Access Control in DotCMS versions before 5.1 allows remote attackers to gain privileges by injecting client configurations via vtl (velocity) files. | 8.8 |
| 2021-07-09 | CVE-2021-35358 | Cross-site Scripting vulnerability in Dotcms 21.05.1 A stored cross site scripting (XSS) vulnerability in dotAdmin/#/c/c_Images of dotCMS 21.05.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Title' and 'Filename' parameters. | 4.8 |
| 2021-07-09 | CVE-2021-35360 | Cross-site Scripting vulnerability in Dotcms 21.05.1 A reflected cross site scripting (XSS) vulnerability in dotAdmin/#/c/containers of dotCMS 21.05.1 allows attackers to execute arbitrary commands or HTML via a crafted payload. | 4.8 |
| 2021-07-09 | CVE-2021-35361 | Cross-site Scripting vulnerability in Dotcms 21.05.1 A reflected cross site scripting (XSS) vulnerability in dotAdmin/#/c/links of dotCMS 21.05.1 allows attackers to execute arbitrary commands or HTML via a crafted payload. | 4.8 |
| 2021-04-23 | CVE-2020-17542 | Cross-site Scripting vulnerability in Dotcms 5.1.5 Cross Site Scripting (XSS) in dotCMS v5.1.5 allows remote attackers to execute arbitrary code by injecting a malicious payload into the "Task Detail" comment window of the "/dotAdmin/#/c/workflow" component. | 5.4 |
| 2020-12-30 | CVE-2020-27848 | SQL Injection vulnerability in Dotcms dotCMS before 20.10.1 allows SQL injection, as demonstrated by the /api/v1/containers orderby parameter. | 8.8 |
| 2020-12-21 | CVE-2020-35274 | Cross-site Scripting vulnerability in Dotcms 20.11 DotCMS Add Template with admin panel 20.11 is affected by cross-site Scripting (XSS) to gain remote privileges. | 4.8 |
| 2020-02-05 | CVE-2020-6754 | Unrestricted Upload of File with Dangerous Type vulnerability in Dotcms dotCMS before 5.2.4 is vulnerable to directory traversal, leading to incorrect access control. | 9.8 |
| 2019-06-18 | CVE-2019-12872 | SQL Injection vulnerability in Dotcms dotCMS before 5.1.6 is vulnerable to a SQL injection that can be exploited by an attacker of the role Publisher via view_unpushed_bundles.jsp. | 7.2 |
| 2019-05-23 | CVE-2019-12309 | Path Traversal vulnerability in Dotcms dotCMS before 5.1.0 has a path traversal vulnerability exploitable by an administrator to create files. | 4.9 |