Vulnerabilities > Dotcms
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-02-05 | CVE-2020-6754 | Path Traversal vulnerability in Dotcms dotCMS before 5.2.4 is vulnerable to directory traversal, leading to incorrect access control. | 7.5 |
| 2019-06-18 | CVE-2019-12872 | SQL Injection vulnerability in Dotcms dotCMS before 5.1.6 is vulnerable to a SQL injection that can be exploited by an attacker of the role Publisher via view_unpushed_bundles.jsp. | 6.5 |
| 2019-05-23 | CVE-2019-12309 | Path Traversal vulnerability in Dotcms dotCMS before 5.1.0 has a path traversal vulnerability exploitable by an administrator to create files. | 4.0 |
| 2019-05-14 | CVE-2019-11846 | Cross-site Scripting vulnerability in Dotcms 5.1.1 /servlets/ajax_file_upload?fieldName=binary3 in dotCMS 5.1.1 allows XSS and HTML Injection. | 4.3 |
| 2019-03-07 | CVE-2018-17422 | Open Redirect vulnerability in Dotcms dotCMS before 5.0.2 has open redirects via the html/common/forward_js.jsp FORWARD_URL parameter or the html/portlet/ext/common/page_preview_popup.jsp hostname parameter. | 5.8 |
| 2018-11-26 | CVE-2018-19554 | Cross-site Scripting vulnerability in Dotcms An issue was discovered in Dotcms through 5.0.3. | 3.5 |
| 2018-09-12 | CVE-2018-16980 | Cross-site Scripting vulnerability in Dotcms 5.0.1 dotCMS V5.0.1 has XSS in the /html/portlet/ext/contentlet/image_tools/index.jsp fieldName and inode parameters. | 4.3 |
| 2018-07-24 | CVE-2017-3189 | Unrestricted Upload of File with Dangerous Type vulnerability in Dotcms The dotCMS administration panel, versions 3.7.1 and earlier, "Push Publishing" feature in Enterprise Pro is vulnerable to arbitrary file upload. | 9.3 |
| 2018-07-24 | CVE-2017-3188 | Path Traversal vulnerability in Dotcms The dotCMS administration panel, versions 3.7.1 and earlier, "Push Publishing" feature in Enterprise Pro is vulnerable to path traversal. | 4.0 |
| 2018-07-24 | CVE-2017-3187 | Cross-Site Request Forgery (CSRF) vulnerability in Dotcms The dotCMS administration panel, versions 3.7.1 and earlier, are vulnerable to cross-site request forgery. | 6.8 |