3 matches found
CVE-2012-1826
dotCMS 1.9 before 1.9.5.1 allows remote authenticated users to execute arbitrary Java code via a crafted (1) XSLT or (2) Velocity template...
CVE-2012-1826
The CVE-2012-1826 vulnerability affects dotCMS 1.9 prior to 1.9.5.1, where an authenticated user with permissions to author/upload templates can craft malicious XSLT or Velocity templates that execute arbitrary Java code as the web service account. This can lead to remote code execution and poten...
dotCMS template permissions allow arbitrary code execution
Overview: The dotCMS content management system version 1.9, and possibly earlier versions, contains a vulnerability that allows users with the appropriate permissions to create a malicious template with arbitrary code. Description: An authenticated dotCMS user with the permissions required to author...