Vulnerabilities > Dotcms > Low

DATE CVE VULNERABILITY TITLE RISK
2021-07-09 CVE-2021-35361 Cross-site Scripting vulnerability in Dotcms 21.05.1
A reflected cross site scripting (XSS) vulnerability in dotAdmin/#/c/links of dotCMS 21.05.1 allows attackers to execute arbitrary commands or HTML via a crafted payload.
network
dotcms CWE-79
3.5
2021-07-09 CVE-2021-35360 Cross-site Scripting vulnerability in Dotcms 21.05.1
A reflected cross site scripting (XSS) vulnerability in dotAdmin/#/c/containers of dotCMS 21.05.1 allows attackers to execute arbitrary commands or HTML via a crafted payload.
network
dotcms CWE-79
3.5
2021-07-09 CVE-2021-35358 Cross-site Scripting vulnerability in Dotcms 21.05.1
A stored cross site scripting (XSS) vulnerability in dotAdmin/#/c/c_Images of dotCMS 21.05.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Title' and 'Filename' parameters.
network
dotcms CWE-79
3.5
2021-04-23 CVE-2020-17542 Cross-site Scripting vulnerability in Dotcms 5.1.5
Cross Site Scripting (XSS) in dotCMS v5.1.5 allows remote attackers to execute arbitrary code by injecting a malicious payload into the "Task Detail" comment window of the "/dotAdmin/#/c/workflow" component.
network
dotcms CWE-79
3.5
2020-12-21 CVE-2020-35274 Cross-site Scripting vulnerability in Dotcms 20.11
DotCMS Add Template with admin panel 20.11 is affected by cross-site Scripting (XSS) to gain remote privileges.
network
dotcms CWE-79
3.5
2017-10-10 CVE-2017-15219 Cross-site Scripting vulnerability in Dotcms 4.1.1
The dotCMS 4.1.1 application is vulnerable to Stored Cross-Site Scripting (XSS) affecting a vanity-urls Title field, a containers Description field, and a templates Description field.
network
dotcms CWE-79
3.5
2017-02-06 CVE-2017-5875 Cross-site Scripting vulnerability in Dotcms 3.7.0
XSS was discovered in dotCMS 3.7.0, with an authenticated attack against the /myAccount addressID parameter.
network
dotcms CWE-79
3.5
2016-04-18 CVE-2016-3971 Cross-site Scripting vulnerability in Dotcms
Cross-site scripting (XSS) vulnerability in lucene_search.jsp in dotCMS before 3.5.1 allows remote attackers to inject arbitrary web script or HTML via the query parameter to c/portal/layout.
network
dotcms CWE-79
3.5