Filtered by vendor Dotcms
Filtered by product Dotcms
Total: 56 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2016-8904 | 1 Dotcms | 1 Dotcms | 2024-11-21 | N/A |
SQL injection vulnerability in the "Site Browser > Containers pages" screen in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the orderby parameter. | ||||
CVE-2016-8903 | 1 Dotcms | 1 Dotcms | 2024-11-21 | N/A |
SQL injection vulnerability in the "Site Browser > Templates pages" screen in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the orderby parameter. | ||||
CVE-2016-8902 | 1 Dotcms | 1 Dotcms | 2024-11-21 | N/A |
SQL injection vulnerability in the categoriesServlet servlet in dotCMS before 3.3.1 allows remote unauthenticated attackers to execute arbitrary SQL commands via the sort parameter. | ||||
CVE-2016-8600 | 1 Dotcms | 1 Dotcms | 2024-11-21 | N/A |
In dotCMS 3.2.1, an attacker can load a captcha once, fill it in with the correct value, and that value is then accepted later by forms with a captcha check. | ||||
CVE-2016-4803 | 1 Dotcms | 1 Dotcms | 2024-11-21 | N/A |
CRLF injection vulnerability in the send email functionality in dotCMS before 3.3.2 allows remote attackers to inject arbitrary email headers via CRLF sequences in the subject. | ||||
CVE-2016-4040 | 1 Dotcms | 1 Dotcms | 2024-11-21 | N/A |
SQL injection vulnerability in the Workflow Screen in dotCMS before 3.3.2 allows remote administrators to execute arbitrary SQL commands via the orderby parameter. | ||||
CVE-2016-3972 | 1 Dotcms | 1 Dotcms | 2024-11-21 | N/A |
Directory traversal vulnerability in the dotTailLogServlet in dotCMS before 3.5.1 allows remote authenticated administrators to read arbitrary files via a .. (dot dot) in the fileName parameter. | ||||
CVE-2016-3971 | 1 Dotcms | 1 Dotcms | 2024-11-21 | N/A |
Cross-site scripting (XSS) vulnerability in lucene_search.jsp in dotCMS before 3.5.1 allows remote attackers to inject arbitrary web script or HTML via the query parameter to c/portal/layout. | ||||
CVE-2016-3688 | 1 Dotcms | 1 Dotcms | 2024-11-21 | N/A |
SQL injection vulnerability in dotCMS before 3.5 allows remote administrators to execute arbitrary SQL commands via the c0-e3 parameter to dwr/call/plaincall/UserAjax.getUsersList.dwr. | ||||
CVE-2016-2355 | 1 Dotcms | 1 Dotcms | 2024-11-21 | N/A |
SQL injection vulnerability in the REST API in dotCMS before 3.3.2 allows remote attackers to execute arbitrary SQL commands via the stName parameter to api/content/save/1. | ||||
CVE-2016-10008 | 1 Dotcms | 1 Dotcms | 2024-11-21 | N/A |
SQL injection vulnerability in the "Content Types > Content Types" screen in dotCMS before 3.7.2 and 4.x before 4.1.1 allows remote authenticated administrators to execute arbitrary SQL commands via the _EXT_STRUCTURE_direction parameter. | ||||
CVE-2016-10007 | 1 Dotcms | 1 Dotcms | 2024-11-21 | N/A |
SQL injection vulnerability in the "Marketing > Forms" screen in dotCMS before 3.7.2 and 4.x before 4.1.1 allows remote authenticated administrators to execute arbitrary SQL commands via the _EXT_FORM_HANDLER_orderBy parameter. | ||||
CVE-2013-3484 | 1 Dotcms | 1 Dotcms | 2024-11-21 | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in dotCMS before 2.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) _loginUserName parameter to application/login/login.html, (2) my_account_login parameter to c/portal_public/login, or (3) email parameter to forgotPassword. | ||||
CVE-2012-1826 | 1 Dotcms | 1 Dotcms | 2024-11-21 | N/A |
dotCMS 1.9 before 1.9.5.1 allows remote authenticated users to execute arbitrary Java code via a crafted (1) XSLT or (2) Velocity template. | ||||
CVE-2008-3708 | 1 Dotcms | 1 Dotcms | 2024-11-21 | N/A |
Multiple directory traversal vulnerabilities in dotCMS 1.6.0.9 allow remote attackers to read arbitrary files via a .. (dot dot) in the id parameter to (1) news/index.dot and (2) getting_started/macros/macros_detail.dot. | ||||
CVE-2008-2397 | 1 Dotcms | 1 Dotcms | 2024-11-21 | N/A |
Cross-site scripting (XSS) vulnerability in search-results.dot in dotCMS 1.x allows remote attackers to inject arbitrary web script or HTML via the search_query parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |