Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
dotcms dotcms vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2013-3484
Multiple cross-site scripting (XSS) vulnerabilities in dotCMS prior to 2.3.2 allow remote malicious users to inject arbitrary web script or HTML via the (1) _loginUserName parameter to application/login/login.html, (2) my_account_login parameter to c/portal_public/login, or (3) e...
Dotcms Dotcms 2.0
Dotcms Dotcms 2.1.1
Dotcms Dotcms
Dotcms Dotcms 2.3
Dotcms Dotcms 2.2
Dotcms Dotcms 2.1
Dotcms Dotcms 2.0.1
Dotcms Dotcms 1.9.5.1
Dotcms Dotcms 2.2.1
NA
CVE-2008-2397
Cross-site scripting (XSS) vulnerability in search-results.dot in dotCMS 1.x allows remote malicious users to inject arbitrary web script or HTML via the search_query parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party ...
Dotcms Dotcms 1.0
Dotcms Dotcms 1.2.0
Dotcms Dotcms 1.6.0.3
Dotcms Dotcms 1.6.0.4
Dotcms Dotcms 1.5.1.1
Dotcms Dotcms 1.6
Dotcms Dotcms 1.5.0
Dotcms Dotcms 1.5.1
Dotcms Dotcms 1.6.0.1
Dotcms Dotcms 1.6.0.2
6.1
CVSSv3
CVE-2023-3042
In dotCMS, versions mentioned, a flaw in the NormalizationFilter does not strip double slashes (//) from URLs, potentially enabling bypasses for XSS and access controls. An example affected URL is https://demo.dotcms.com//html/portlet/ext/files/edit_text_inc.jsp https://demo.dotc...
Dotcms Dotcms 23.01
Dotcms Dotcms 5.3.8
Dotcms Dotcms 21.06
Dotcms Dotcms 22.03
NA
CVE-2012-1826
dotCMS 1.9 prior to 1.9.5.1 allows remote authenticated users to execute arbitrary Java code via a crafted (1) XSLT or (2) Velocity template.
Dotcms Dotcms 1.9.2.1
Dotcms Dotcms 1.9
9.8
CVSSv3
CVE-2016-2355
SQL injection vulnerability in the REST API in dotCMS prior to 3.3.2 allows remote malicious users to execute arbitrary SQL commands via the stName parameter to api/content/save/1.
Dotcms Dotcms
1 Github repository
7.2
CVSSv3
CVE-2016-10007
SQL injection vulnerability in the "Marketing > Forms" screen in dotCMS prior to 3.7.2 and 4.x prior to 4.1.1 allows remote authenticated administrators to execute arbitrary SQL commands via the _EXT_FORM_HANDLER_orderBy parameter.
Dotcms Dotcms
7.2
CVSSv3
CVE-2016-10008
SQL injection vulnerability in the "Content Types > Content Types" screen in dotCMS prior to 3.7.2 and 4.x prior to 4.1.1 allows remote authenticated administrators to execute arbitrary SQL commands via the _EXT_STRUCTURE_direction parameter.
Dotcms Dotcms
9.8
CVSSv3
CVE-2016-8902
SQL injection vulnerability in the categoriesServlet servlet in dotCMS prior to 3.3.1 allows remote not authenticated malicious users to execute arbitrary SQL commands via the sort parameter.
Dotcms Dotcms
8.8
CVSSv3
CVE-2016-8903
SQL injection vulnerability in the "Site Browser > Templates pages" screen in dotCMS prior to 3.3.1 allows remote authenticated malicious users to execute arbitrary SQL commands via the orderby parameter.
Dotcms Dotcms
8.8
CVSSv3
CVE-2016-8905
SQL injection vulnerability in the JSONTags servlet in dotCMS prior to 3.3.1 allows remote authenticated malicious users to execute arbitrary SQL commands via the sort parameter.
Dotcms Dotcms
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-22120
CVE-2024-35921
CVE-2024-35874
brute force
CVE-2024-36080
unprivileged
CVE-2024-35917
IDOR
CVE-2024-4947
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »