Vulnerabilities > Dotcms > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-04-23 CVE-2020-17542 Cross-site Scripting vulnerability in Dotcms 5.1.5
Cross Site Scripting (XSS) in dotCMS v5.1.5 allows remote attackers to execute arbitrary code by injecting a malicious payload into the "Task Detail" comment window of the "/dotAdmin/#/c/workflow" component.
network
low complexity
dotcms CWE-79
5.4
2020-12-21 CVE-2020-35274 Cross-site Scripting vulnerability in Dotcms 20.11
DotCMS Add Template with admin panel 20.11 is affected by cross-site Scripting (XSS) to gain remote privileges.
network
low complexity
dotcms CWE-79
4.8
2019-05-23 CVE-2019-12309 Path Traversal vulnerability in Dotcms
dotCMS before 5.1.0 has a path traversal vulnerability exploitable by an administrator to create files.
network
low complexity
dotcms CWE-22
4.9
2019-05-14 CVE-2019-11846 Cross-site Scripting vulnerability in Dotcms 5.1.1
/servlets/ajax_file_upload?fieldName=binary3 in dotCMS 5.1.1 allows XSS and HTML Injection.
network
low complexity
dotcms CWE-79
6.1
2019-03-07 CVE-2018-17422 Open Redirect vulnerability in Dotcms
dotCMS before 5.0.2 has open redirects via the html/common/forward_js.jsp FORWARD_URL parameter or the html/portlet/ext/common/page_preview_popup.jsp hostname parameter.
network
low complexity
dotcms CWE-601
6.1
2018-11-26 CVE-2018-19554 Cross-site Scripting vulnerability in Dotcms
An issue was discovered in Dotcms through 5.0.3.
network
low complexity
dotcms CWE-79
5.4
2018-09-12 CVE-2018-16980 Cross-site Scripting vulnerability in Dotcms 5.0.1
dotCMS V5.0.1 has XSS in the /html/portlet/ext/contentlet/image_tools/index.jsp fieldName and inode parameters.
network
low complexity
dotcms CWE-79
6.1
2018-07-24 CVE-2017-3188 Path Traversal vulnerability in Dotcms
The dotCMS administration panel, versions 3.7.1 and earlier, "Push Publishing" feature in Enterprise Pro is vulnerable to path traversal.
network
low complexity
dotcms CWE-22
6.5
2017-10-10 CVE-2017-15219 Cross-site Scripting vulnerability in Dotcms 4.1.1
The dotCMS 4.1.1 application is vulnerable to Stored Cross-Site Scripting (XSS) affecting a vanity-urls Title field, a containers Description field, and a templates Description field.
network
low complexity
dotcms CWE-79
5.4
2017-03-27 CVE-2017-6003 Cross-site Scripting vulnerability in Dotcms 3.7.0
dotCMS 3.7.0 has XSS reachable from ext/languages_manager/edit_language in portal/layout via the bottom two form fields.
network
low complexity
dotcms CWE-79
6.1