Vulnerabilities > Dotcms > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-04-23 | CVE-2020-17542 | Cross-site Scripting vulnerability in Dotcms 5.1.5 Cross Site Scripting (XSS) in dotCMS v5.1.5 allows remote attackers to execute arbitrary code by injecting a malicious payload into the "Task Detail" comment window of the "/dotAdmin/#/c/workflow" component. | 5.4 |
| 2020-12-21 | CVE-2020-35274 | Cross-site Scripting vulnerability in Dotcms 20.11 DotCMS Add Template with admin panel 20.11 is affected by cross-site Scripting (XSS) to gain remote privileges. | 4.8 |
| 2019-05-23 | CVE-2019-12309 | Path Traversal vulnerability in Dotcms dotCMS before 5.1.0 has a path traversal vulnerability exploitable by an administrator to create files. | 4.9 |
| 2019-05-14 | CVE-2019-11846 | Cross-site Scripting vulnerability in Dotcms 5.1.1 /servlets/ajax_file_upload?fieldName=binary3 in dotCMS 5.1.1 allows XSS and HTML Injection. | 6.1 |
| 2019-03-07 | CVE-2018-17422 | Open Redirect vulnerability in Dotcms dotCMS before 5.0.2 has open redirects via the html/common/forward_js.jsp FORWARD_URL parameter or the html/portlet/ext/common/page_preview_popup.jsp hostname parameter. | 6.1 |
| 2018-11-26 | CVE-2018-19554 | Cross-site Scripting vulnerability in Dotcms An issue was discovered in Dotcms through 5.0.3. | 5.4 |
| 2018-09-12 | CVE-2018-16980 | Cross-site Scripting vulnerability in Dotcms 5.0.1 dotCMS V5.0.1 has XSS in the /html/portlet/ext/contentlet/image_tools/index.jsp fieldName and inode parameters. | 6.1 |
| 2018-07-24 | CVE-2017-3188 | Path Traversal vulnerability in Dotcms The dotCMS administration panel, versions 3.7.1 and earlier, "Push Publishing" feature in Enterprise Pro is vulnerable to path traversal. | 6.5 |
| 2017-10-10 | CVE-2017-15219 | Cross-site Scripting vulnerability in Dotcms 4.1.1 The dotCMS 4.1.1 application is vulnerable to Stored Cross-Site Scripting (XSS) affecting a vanity-urls Title field, a containers Description field, and a templates Description field. | 5.4 |
| 2017-03-27 | CVE-2017-6003 | Cross-site Scripting vulnerability in Dotcms 3.7.0 dotCMS 3.7.0 has XSS reachable from ext/languages_manager/edit_language in portal/layout via the bottom two form fields. | 6.1 |