Vulnerabilities > Html JS

DATE CVE VULNERABILITY TITLE RISK
2024-01-29 CVE-2023-51840 Use of Hard-coded Credentials vulnerability in Html-Js Doracms 2.1.8
DoraCMS 2.1.8 is vulnerable to Use of Hard-coded Cryptographic Key.
network
low complexity
html-js CWE-798
critical
9.8
2023-12-08 CVE-2023-49443 Improper Restriction of Excessive Authentication Attempts vulnerability in Html-Js Doracms 2.1.8
DoraCMS v2.1.8 was discovered to re-use the same code for verification of valid usernames and passwords.
network
low complexity
html-js CWE-307
critical
9.8
2023-12-08 CVE-2023-49444 Cross-site Scripting vulnerability in Html-Js Doracms 2.1.8
An arbitrary file upload vulnerability in DoraCMS v2.1.8 allow attackers to execute arbitrary code via uploading a crafted HTML or image file to the user avatar.
network
low complexity
html-js CWE-79
5.4
2022-08-17 CVE-2022-35147 Information Exposure vulnerability in Html-Js Doracms
DoraCMS v2.18 and earlier allows attackers to bypass login authentication via a crafted HTTP request.
network
low complexity
html-js CWE-200
critical
9.8
2022-03-20 CVE-2022-25464 Cross-site Scripting vulnerability in Html-Js Doracms 2.1.8
A stored cross-site scripting (XSS) vulnerability in the component /admin/contenttemp of DoraCMS v2.1.8 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
network
html-js CWE-79
3.5
2021-05-20 CVE-2020-18220 Inadequate Encryption Strength vulnerability in Html-Js Doracms
Weak Encoding for Password in DoraCMS v2.1.1 and earlier allows attackers to obtain sensitive information as it does not use a random salt or IV for its AES-CBC encryption, causes password encrypted for users to be susceptible to dictionary attacks.
network
low complexity
html-js CWE-326
5.0
2018-09-06 CVE-2018-16622 Cross-site Scripting vulnerability in Html-Js Doracms 2.0.3
Multiple cross-site scripting (XSS) vulnerabilities in /api/content/addOne in DoraCMS v2.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) discription or (2) comments field, related to users/userAddContent.
network
html-js CWE-79
3.5