Vulnerabilities > Html JS > Doracms > 2.0.3
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-08-17 | CVE-2022-35147 | Information Exposure vulnerability in Html-Js Doracms DoraCMS v2.18 and earlier allows attackers to bypass login authentication via a crafted HTTP request. | 9.8 |
| 2021-05-20 | CVE-2020-18220 | Inadequate Encryption Strength vulnerability in Html-Js Doracms Weak Encoding for Password in DoraCMS v2.1.1 and earlier allows attackers to obtain sensitive information as it does not use a random salt or IV for its AES-CBC encryption, causes password encrypted for users to be susceptible to dictionary attacks. | 7.5 |
| 2018-09-06 | CVE-2018-16622 | Cross-site Scripting vulnerability in Html-Js Doracms 2.0.3 Multiple cross-site scripting (XSS) vulnerabilities in /api/content/addOne in DoraCMS v2.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) discription or (2) comments field, related to users/userAddContent. | 5.4 |