Vulnerabilities > Html JS > Doracms > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-08 | CVE-2023-49444 | Cross-site Scripting vulnerability in Html-Js Doracms 2.1.8 An arbitrary file upload vulnerability in DoraCMS v2.1.8 allow attackers to execute arbitrary code via uploading a crafted HTML or image file to the user avatar. | 5.4 |
| 2022-03-20 | CVE-2022-25464 | Cross-site Scripting vulnerability in Html-Js Doracms 2.1.8 A stored cross-site scripting (XSS) vulnerability in the component /admin/contenttemp of DoraCMS v2.1.8 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | 4.8 |
| 2018-09-06 | CVE-2018-16622 | Cross-site Scripting vulnerability in Html-Js Doracms 2.0.3 Multiple cross-site scripting (XSS) vulnerabilities in /api/content/addOne in DoraCMS v2.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) discription or (2) comments field, related to users/userAddContent. | 5.4 |