Vulnerabilities (CVE)

Filtered by vendor Dotcms
Filtered by product Dotcms
Total 54 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-35740 1 Dotcms 1 Dotcms 2025-05-01 N/A 6.1 MEDIUM
dotCMS before 22.06 allows remote attackers to bypass intended access control and obtain sensitive information by using a semicolon in a URL to introduce a matrix parameter. (This is also fixed in 5.3.8.12, 21.06.9, and 22.03.2 for LTS users.) Some Java application frameworks, including those used by Spring or Tomcat, allow the use of matrix parameters: these are URI parameters separated by semicolons. Through precise semicolon placement in a URI, it is possible to exploit this feature to avoid dotCMS's path-based XSS prevention (such as "require login" filters), and consequently access restricted resources. For example, an attacker could place a semicolon immediately before a / character that separates elements of a filesystem path. This could reveal file content that is ordinarily only visible to signed-in users. This issue can be chained with other exploit code to achieve XSS attacks against dotCMS.
CVE-2017-5876 1 Dotcms 1 Dotcms 2025-04-20 4.3 MEDIUM 6.1 MEDIUM
XSS was discovered in dotCMS 3.7.0, with an unauthenticated attack against the /news-events/events date parameter.
CVE-2017-5877 1 Dotcms 1 Dotcms 2025-04-20 4.3 MEDIUM 6.1 MEDIUM
XSS was discovered in dotCMS 3.7.0, with an unauthenticated attack against the /about-us/locations/index direction parameter.
CVE-2017-15219 1 Dotcms 1 Dotcms 2025-04-20 3.5 LOW 5.4 MEDIUM
The dotCMS 4.1.1 application is vulnerable to Stored Cross-Site Scripting (XSS) affecting a vanity-urls Title field, a containers Description field, and a templates Description field.
CVE-2017-11466 1 Dotcms 1 Dotcms 2025-04-20 9.0 HIGH 7.2 HIGH
Arbitrary file upload vulnerability in com/dotmarketing/servlets/AjaxFileUploadServlet.class in dotCMS 4.1.1 allows remote authenticated administrators to upload .jsp files to arbitrary locations via directory traversal sequences in the fieldName parameter to servlets/ajax_file_upload. This results in arbitrary code execution by requesting the .jsp file at a /assets URI.
CVE-2017-5875 1 Dotcms 1 Dotcms 2025-04-20 3.5 LOW 5.4 MEDIUM
XSS was discovered in dotCMS 3.7.0, with an authenticated attack against the /myAccount addressID parameter.
CVE-2017-6003 1 Dotcms 1 Dotcms 2025-04-20 4.3 MEDIUM 6.1 MEDIUM
dotCMS 3.7.0 has XSS reachable from ext/languages_manager/edit_language in portal/layout via the bottom two form fields.
CVE-2017-5344 1 Dotcms 1 Dotcms 2025-04-20 7.5 HIGH 9.8 CRITICAL
An issue was discovered in dotCMS through 3.6.1. The findChildrenByFilter() function which is called by the web accessible path /categoriesServlet performs string interpolation and direct SQL query execution. SQL quote escaping and a keyword blacklist were implemented in a new class, SQLUtil (main/java/com/dotmarketing/common/util/SQLUtil.java), as part of the remediation of CVE-2016-8902; however, these can be overcome in the case of the q and inode parameters to the /categoriesServlet path. Overcoming these controls permits a number of blind boolean SQL injection vectors in either parameter. The /categoriesServlet web path can be accessed remotely and without authentication in a default dotCMS deployment.
CVE-2016-8908 1 Dotcms 1 Dotcms 2025-04-12 6.5 MEDIUM 8.8 HIGH
SQL injection vulnerability in the "Site Browser > HTML pages" screen in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the orderby parameter.
CVE-2016-8903 1 Dotcms 1 Dotcms 2025-04-12 6.5 MEDIUM 8.8 HIGH
SQL injection vulnerability in the "Site Browser > Templates pages" screen in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the orderby parameter.
CVE-2016-8906 1 Dotcms 1 Dotcms 2025-04-12 6.5 MEDIUM 8.8 HIGH
SQL injection vulnerability in the "Site Browser > Links pages" screen in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the orderby parameter.
CVE-2016-8902 1 Dotcms 1 Dotcms 2025-04-12 7.5 HIGH 9.8 CRITICAL
SQL injection vulnerability in the categoriesServlet servlet in dotCMS before 3.3.1 allows remote unauthenticated attackers to execute arbitrary SQL commands via the sort parameter.
CVE-2016-2355 1 Dotcms 1 Dotcms 2025-04-12 7.5 HIGH 9.8 CRITICAL
SQL injection vulnerability in the REST API in dotCMS before 3.3.2 allows remote attackers to execute arbitrary SQL commands via the stName parameter to api/content/save/1.
CVE-2016-8904 1 Dotcms 1 Dotcms 2025-04-12 6.5 MEDIUM 8.8 HIGH
SQL injection vulnerability in the "Site Browser > Containers pages" screen in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the orderby parameter.
CVE-2016-8905 1 Dotcms 1 Dotcms 2025-04-12 6.5 MEDIUM 8.8 HIGH
SQL injection vulnerability in the JSONTags servlet in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the sort parameter.
CVE-2016-3972 1 Dotcms 1 Dotcms 2025-04-12 4.0 MEDIUM 2.7 LOW
Directory traversal vulnerability in the dotTailLogServlet in dotCMS before 3.5.1 allows remote authenticated administrators to read arbitrary files via a .. (dot dot) in the fileName parameter.
CVE-2016-8907 1 Dotcms 1 Dotcms 2025-04-12 6.5 MEDIUM 8.8 HIGH
SQL injection vulnerability in the "Content Types > Content Types" screen in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the orderby parameter.
CVE-2013-3484 1 Dotcms 1 Dotcms 2025-04-12 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in dotCMS before 2.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) _loginUserName parameter to application/login/login.html, (2) my_account_login parameter to c/portal_public/login, or (3) email parameter to forgotPassword.
CVE-2016-4803 1 Dotcms 1 Dotcms 2025-04-12 5.0 MEDIUM 7.5 HIGH
CRLF injection vulnerability in the send email functionality in dotCMS before 3.3.2 allows remote attackers to inject arbitrary email headers via CRLF sequences in the subject.
CVE-2016-4040 1 Dotcms 1 Dotcms 2025-04-12 6.5 MEDIUM 7.2 HIGH
SQL injection vulnerability in the Workflow Screen in dotCMS before 3.3.2 allows remote administrators to execute arbitrary SQL commands via the orderby parameter.