Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
dotcms dotcms vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2017-15219
The dotCMS 4.1.1 application is vulnerable to Stored Cross-Site Scripting (XSS) affecting a vanity-urls Title field, a containers Description field, and a templates Description field.
Dotcms Dotcms 4.1.1
6.1
CVSSv3
CVE-2018-16980
dotCMS V5.0.1 has XSS in the /html/portlet/ext/contentlet/image_tools/index.jsp fieldName and inode parameters.
Dotcms Dotcms 5.0.1
6.1
CVSSv3
CVE-2019-11846
/servlets/ajax_file_upload?fieldName=binary3 in dotCMS 5.1.1 allows XSS and HTML Injection.
Dotcms Dotcms 5.1.1
4.8
CVSSv3
CVE-2020-35274
DotCMS Add Template with admin panel 20.11 is affected by cross-site Scripting (XSS) to gain remote privileges. An attacker could compromise the security of a website or web application through a stored XSS attack and stealing cookies using XSS.
Dotcms Dotcms 20.11
4.8
CVSSv3
CVE-2021-35358
A stored cross site scripting (XSS) vulnerability in dotAdmin/#/c/c_Images of dotCMS 21.05.1 allows authenticated malicious users to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Title' and 'Filename' parameters.
Dotcms Dotcms 21.05.1
4.8
CVSSv3
CVE-2021-35360
A reflected cross site scripting (XSS) vulnerability in dotAdmin/#/c/containers of dotCMS 21.05.1 allows malicious users to execute arbitrary commands or HTML via a crafted payload.
Dotcms Dotcms 21.05.1
4.8
CVSSv3
CVE-2021-35361
A reflected cross site scripting (XSS) vulnerability in dotAdmin/#/c/links of dotCMS 21.05.1 allows malicious users to execute arbitrary commands or HTML via a crafted payload.
Dotcms Dotcms 21.05.1
5.4
CVSSv3
CVE-2017-5875
XSS exists in dotCMS 3.7.0, with an authenticated attack against the /myAccount addressID parameter.
Dotcms Dotcms 3.7.0
6.1
CVSSv3
CVE-2017-5876
XSS exists in dotCMS 3.7.0, with an unauthenticated attack against the /news-events/events date parameter.
Dotcms Dotcms 3.7.0
6.1
CVSSv3
CVE-2017-5877
XSS exists in dotCMS 3.7.0, with an unauthenticated attack against the /about-us/locations/index direction parameter.
Dotcms Dotcms 3.7.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5834
CVE-2024-30100
CVE-2024-4577
physical
dos
CVE-2024-30099
CVE-2024-27801
CVE-2024-32146
logic flaw
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »