Total
52 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-12309 | 1 Dotcms | 1 Dotcms | 2019-05-24 | 4.0 MEDIUM | 4.9 MEDIUM |
dotCMS before 5.1.0 has a path traversal vulnerability exploitable by an administrator to create files. The vulnerability is caused by the insecure extraction of a ZIP archive. | |||||
CVE-2019-11846 | 1 Dotcms | 1 Dotcms | 2019-05-20 | 4.3 MEDIUM | 6.1 MEDIUM |
/servlets/ajax_file_upload?fieldName=binary3 in dotCMS 5.1.1 allows XSS and HTML Injection. | |||||
CVE-2017-5877 | 1 Dotcms | 1 Dotcms | 2019-03-15 | 4.3 MEDIUM | 6.1 MEDIUM |
XSS was discovered in dotCMS 3.7.0, with an unauthenticated attack against the /about-us/locations/index direction parameter. | |||||
CVE-2017-5875 | 1 Dotcms | 1 Dotcms | 2019-03-15 | 3.5 LOW | 5.4 MEDIUM |
XSS was discovered in dotCMS 3.7.0, with an authenticated attack against the /myAccount addressID parameter. | |||||
CVE-2017-5876 | 1 Dotcms | 1 Dotcms | 2019-03-15 | 4.3 MEDIUM | 6.1 MEDIUM |
XSS was discovered in dotCMS 3.7.0, with an unauthenticated attack against the /news-events/events date parameter. | |||||
CVE-2017-6003 | 1 Dotcms | 1 Dotcms | 2019-03-12 | 4.3 MEDIUM | 6.1 MEDIUM |
dotCMS 3.7.0 has XSS reachable from ext/languages_manager/edit_language in portal/layout via the bottom two form fields. | |||||
CVE-2018-17422 | 1 Dotcms | 1 Dotcms | 2019-03-08 | 5.8 MEDIUM | 6.1 MEDIUM |
dotCMS before 5.0.2 has open redirects via the html/common/forward_js.jsp FORWARD_URL parameter or the html/portlet/ext/common/page_preview_popup.jsp hostname parameter. | |||||
CVE-2018-19554 | 1 Dotcms | 1 Dotcms | 2019-03-06 | 3.5 LOW | 5.4 MEDIUM |
An issue was discovered in Dotcms through 5.0.3. Attackers may perform XSS attacks via the inode, identifier, or fieldName parameter in html/js/dotcms/dijit/image/image_tool.jsp. | |||||
CVE-2018-16980 | 1 Dotcms | 1 Dotcms | 2018-11-02 | 4.3 MEDIUM | 6.1 MEDIUM |
dotCMS V5.0.1 has XSS in the /html/portlet/ext/contentlet/image_tools/index.jsp fieldName and inode parameters. | |||||
CVE-2016-10007 | 1 Dotcms | 1 Dotcms | 2018-03-05 | 6.5 MEDIUM | 7.2 HIGH |
SQL injection vulnerability in the "Marketing > Forms" screen in dotCMS before 3.7.2 and 4.x before 4.1.1 allows remote authenticated administrators to execute arbitrary SQL commands via the _EXT_FORM_HANDLER_orderBy parameter. | |||||
CVE-2016-10008 | 1 Dotcms | 1 Dotcms | 2018-03-05 | 6.5 MEDIUM | 7.2 HIGH |
SQL injection vulnerability in the "Content Types > Content Types" screen in dotCMS before 3.7.2 and 4.x before 4.1.1 allows remote authenticated administrators to execute arbitrary SQL commands via the _EXT_STRUCTURE_direction parameter. | |||||
CVE-2017-15219 | 1 Dotcms | 1 Dotcms | 2017-10-25 | 3.5 LOW | 5.4 MEDIUM |
The dotCMS 4.1.1 application is vulnerable to Stored Cross-Site Scripting (XSS) affecting a vanity-urls Title field, a containers Description field, and a templates Description field. | |||||
CVE-2008-3708 | 1 Dotcms | 1 Dotcms | 2017-09-28 | 4.3 MEDIUM | N/A |
Multiple directory traversal vulnerabilities in dotCMS 1.6.0.9 allow remote attackers to read arbitrary files via a .. (dot dot) in the id parameter to (1) news/index.dot and (2) getting_started/macros/macros_detail.dot. | |||||
CVE-2017-5344 | 1 Dotcms | 1 Dotcms | 2017-08-31 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in dotCMS through 3.6.1. The findChildrenByFilter() function which is called by the web accessible path /categoriesServlet performs string interpolation and direct SQL query execution. SQL quote escaping and a keyword blacklist were implemented in a new class, SQLUtil (main/java/com/dotmarketing/common/util/SQLUtil.java), as part of the remediation of CVE-2016-8902; however, these can be overcome in the case of the q and inode parameters to the /categoriesServlet path. Overcoming these controls permits a number of blind boolean SQL injection vectors in either parameter. The /categoriesServlet web path can be accessed remotely and without authentication in a default dotCMS deployment. | |||||
CVE-2008-2397 | 1 Dotcms | 1 Dotcms | 2017-08-07 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in search-results.dot in dotCMS 1.x allows remote attackers to inject arbitrary web script or HTML via the search_query parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2017-11466 | 1 Dotcms | 1 Dotcms | 2017-07-25 | 9.0 HIGH | 7.2 HIGH |
Arbitrary file upload vulnerability in com/dotmarketing/servlets/AjaxFileUploadServlet.class in dotCMS 4.1.1 allows remote authenticated administrators to upload .jsp files to arbitrary locations via directory traversal sequences in the fieldName parameter to servlets/ajax_file_upload. This results in arbitrary code execution by requesting the .jsp file at a /assets URI. | |||||
CVE-2016-2355 | 1 Dotcms | 1 Dotcms | 2016-12-22 | 7.5 HIGH | 9.8 CRITICAL |
SQL injection vulnerability in the REST API in dotCMS before 3.3.2 allows remote attackers to execute arbitrary SQL commands via the stName parameter to api/content/save/1. | |||||
CVE-2016-3971 | 1 Dotcms | 1 Dotcms | 2016-12-15 | 3.5 LOW | 4.8 MEDIUM |
Cross-site scripting (XSS) vulnerability in lucene_search.jsp in dotCMS before 3.5.1 allows remote attackers to inject arbitrary web script or HTML via the query parameter to c/portal/layout. | |||||
CVE-2016-8906 | 1 Dotcms | 1 Dotcms | 2016-11-29 | 6.5 MEDIUM | 8.8 HIGH |
SQL injection vulnerability in the "Site Browser > Links pages" screen in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the orderby parameter. | |||||
CVE-2016-8905 | 1 Dotcms | 1 Dotcms | 2016-11-29 | 6.5 MEDIUM | 8.8 HIGH |
SQL injection vulnerability in the JSONTags servlet in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the sort parameter. |