Filtered by vendor Html-js
Subscriptions
Filtered by product Doracms
Subscriptions
Total
7 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-16622 | 1 Html-js | 1 Doracms | 2024-09-17 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in /api/content/addOne in DoraCMS v2.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) discription or (2) comments field, related to users/userAddContent. | ||||
| CVE-2020-18220 | 1 Html-js | 1 Doracms | 2024-08-04 | 7.5 High |
| Weak Encoding for Password in DoraCMS v2.1.1 and earlier allows attackers to obtain sensitive information as it does not use a random salt or IV for its AES-CBC encryption, causes password encrypted for users to be susceptible to dictionary attacks. | ||||
| CVE-2022-35147 | 1 Html-js | 1 Doracms | 2024-08-03 | 9.8 Critical |
| DoraCMS v2.18 and earlier allows attackers to bypass login authentication via a crafted HTTP request. | ||||
| CVE-2022-25464 | 1 Html-js | 1 Doracms | 2024-08-03 | 4.8 Medium |
| A stored cross-site scripting (XSS) vulnerability in the component /admin/contenttemp of DoraCMS v2.1.8 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | ||||
| CVE-2023-51840 | 1 Html-js | 1 Doracms | 2024-08-02 | 9.8 Critical |
| DoraCMS 2.1.8 is vulnerable to Use of Hard-coded Cryptographic Key. | ||||
| CVE-2023-49443 | 1 Html-js | 1 Doracms | 2024-08-02 | 9.8 Critical |
| DoraCMS v2.1.8 was discovered to re-use the same code for verification of valid usernames and passwords. This vulnerability allows attackers to gain access to the application via a bruteforce attack. | ||||
| CVE-2023-49444 | 1 Html-js | 1 Doracms | 2024-08-02 | 5.4 Medium |
| An arbitrary file upload vulnerability in DoraCMS v2.1.8 allow attackers to execute arbitrary code via uploading a crafted HTML or image file to the user avatar. | ||||
Page 1 of 1.