Vulnerabilities > Dotcms > Medium

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Product | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2016-04-19 | CVE-2016-3688 | Information Exposure vulnerability in Dotcms | SQL injection vulnerability in dotCMS before 3.5 allows remote administrators to execute arbitrary SQL commands via the c0-e3 parameter to dwr/call/plaincall/UserAjax.getUsersList.dwr. | network | low complexity | dotcms | CWE-200 | 4.0 |
| 2016-04-18 | CVE-2016-3972 | Path Traversal vulnerability in Dotcms | Directory traversal vulnerability in the dotTailLogServlet in dotCMS before 3.5.1 allows remote authenticated administrators to read arbitrary files via a .. | network | low complexity | dotcms | CWE-22 | 4.0 |
| 2014-04-02 | CVE-2013-3484 | Cross-Site Scripting vulnerability in Dotcms | Multiple cross-site scripting (XSS) vulnerabilities in dotCMS before 2.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) _loginUserName parameter to application/login/login.html, (2) my_account_login parameter to c/portal_public/login, or (3) email parameter to forgotPassword. | network | | dotcms | CWE-79 | 4.3 |
| 2012-06-08 | CVE-2012-1826 | Permissions, Privileges, and Access Controls vulnerability in Dotcms 1.9/1.9.2.1 | dotCMS 1.9 before 1.9.5.1 allows remote authenticated users to execute arbitrary Java code via a crafted (1) XSLT or (2) Velocity template. | network | | dotcms | CWE-264 | 6.0 |
| 2008-08-19 | CVE-2008-3708 | Path Traversal vulnerability in Dotcms 1.6.0.9 | Multiple directory traversal vulnerabilities in dotCMS 1.6.0.9 allow remote attackers to read arbitrary files via a .. | network | | dotcms | CWE-22 | 4.3 |
| 2008-05-21 | CVE-2008-2397 | Cross-Site Scripting vulnerability in Dotcms | Cross-site scripting (XSS) vulnerability in search-results.dot in dotCMS 1.x allows remote attackers to inject arbitrary web script or HTML via the search_query parameter. | network | | dotcms | CWE-79 | 4.3 |