Vulnerabilities > Dotcms
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-05-14 | CVE-2019-11846 | Cross-site Scripting vulnerability in Dotcms 5.1.1 /servlets/ajax_file_upload?fieldName=binary3 in dotCMS 5.1.1 allows XSS and HTML Injection. | 6.1 |
2019-03-07 | CVE-2018-17422 | Open Redirect vulnerability in Dotcms dotCMS before 5.0.2 has open redirects via the html/common/forward_js.jsp FORWARD_URL parameter or the html/portlet/ext/common/page_preview_popup.jsp hostname parameter. | 6.1 |
2018-11-26 | CVE-2018-19554 | Cross-site Scripting vulnerability in Dotcms An issue was discovered in Dotcms through 5.0.3. | 5.4 |
2018-09-12 | CVE-2018-16980 | Cross-site Scripting vulnerability in Dotcms 5.0.1 dotCMS V5.0.1 has XSS in the /html/portlet/ext/contentlet/image_tools/index.jsp fieldName and inode parameters. | 6.1 |
2018-07-24 | CVE-2017-3189 | Unrestricted Upload of File with Dangerous Type vulnerability in Dotcms The dotCMS administration panel, versions 3.7.1 and earlier, "Push Publishing" feature in Enterprise Pro is vulnerable to arbitrary file upload. | 8.1 |
2018-07-24 | CVE-2017-3188 | Path Traversal vulnerability in Dotcms The dotCMS administration panel, versions 3.7.1 and earlier, "Push Publishing" feature in Enterprise Pro is vulnerable to path traversal. | 6.5 |
2018-07-24 | CVE-2017-3187 | Cross-Site Request Forgery (CSRF) vulnerability in Dotcms The dotCMS administration panel, versions 3.7.1 and earlier, are vulnerable to cross-site request forgery. | 8.8 |
2018-02-19 | CVE-2016-10008 | SQL Injection vulnerability in Dotcms SQL injection vulnerability in the "Content Types > Content Types" screen in dotCMS before 3.7.2 and 4.x before 4.1.1 allows remote authenticated administrators to execute arbitrary SQL commands via the _EXT_STRUCTURE_direction parameter. | 7.2 |
2018-02-19 | CVE-2016-10007 | SQL Injection vulnerability in Dotcms SQL injection vulnerability in the "Marketing > Forms" screen in dotCMS before 3.7.2 and 4.x before 4.1.1 allows remote authenticated administrators to execute arbitrary SQL commands via the _EXT_FORM_HANDLER_orderBy parameter. | 7.2 |
2017-10-10 | CVE-2017-15219 | Cross-site Scripting vulnerability in Dotcms 4.1.1 The dotCMS 4.1.1 application is vulnerable to Stored Cross-Site Scripting (XSS) affecting a vanity-urls Title field, a containers Description field, and a templates Description field. | 5.4 |