519 matches found
CVE-2020-18875
Incorrect Access Control in DotCMS versions before 5.1 allows remote attackers to gain privileges by injecting client configurations via vtl velocity files...
CVE-2020-35274
DotCMS Add Template with admin panel 20.11 is affected by cross-site Scripting XSS to gain remote privileges. An attacker could compromise the security of a website or web application through a stored XSS attack and stealing cookies using XSS...
CVE-2020-27848
dotCMS before 20.10.1 allows SQL injection, as demonstrated by the /api/v1/containers orderby parameter. The PaginatorOrdered classes that are used to paginate results of a REST endpoints do not sanitize the orderBy parameter and in some cases it is vulnerable to SQL injection attacks. A user mus...
CVE-2019-12872
dotCMS before 5.1.6 is vulnerable to a SQL injection that can be exploited by an attacker of the role Publisher via viewunpushedbundles.jsp...
CVE-2018-16980
dotCMS V5.0.1 has XSS in the /html/portlet/ext/contentlet/imagetools/index.jsp fieldName and inode parameters...
CVE-2016-4040
SQL injection vulnerability in the Workflow Screen in dotCMS before 3.3.2 allows remote administrators to execute arbitrary SQL commands via the orderby parameter...
CVE-2017-15219
The dotCMS 4.1.1 application is vulnerable to Stored Cross-Site Scripting XSS affecting a vanity-urls Title field, a containers Description field, and a templates Description field...
PT-2024-31161
Name of the Vulnerable Software and Affected Versions Software versions prior to 24.07.12 Software versions 23.01.20 LTS through 23.01.19 LTS Software versions 23.10.24v13 LTS and earlier Software versions 24.04.24v5 LTS and earlier Description The issue arises in the System → Maintenance tool,...
DotCMS 安全漏洞
DotCMS is an open source content management system written in Java by DotCMS, Inc. for managing content and content-driven sites and applications. A security vulnerability exists in DotCMS. An attacker exploiting the vulnerability could mimic other users by session ID...
DotCMS 安全漏洞
DotCMS is an open source content management system written in Java by DotCMS, Inc. for managing content and content-driven sites and applications. A security vulnerability exists in DotCMS that originates from a URL parameter in the login page for resetting a password that can inject HTML code...
CVE-2024-3164
In dotCMS dashboard, the Tools and Log Files tabs under System → Maintenance Portlet, which is and always has been an Admin portlet, is accessible to anyone with that portlet and not just to CMS Admins. Users that get site admin but not a system admin, should not have access to the System...
CVE-2024-3164
In dotCMS dashboard, the Tools and Log Files tabs under System → Maintenance Portlet, which is and always has been an Admin portlet, is accessible to anyone with that portlet and not just to CMS Admins. Users that get site admin but not a system admin, should not have access to the System...
CVE-2024-3165 Database Credential Exposure in the Logs
System-Maintenance- Log Files in dotCMS dashboard is providing the username/password for database connections in the log output. Nevertheless, this is a moderate issue as it requires a backend admin as well as that dbs are locked down by environment. OWASP Top 10 - A05 Insecure Design OWASP Top...
CVE-2024-3165 Database Credential Exposure in the Logs
System-Maintenance- Log Files in dotCMS dashboard is providing the username/password for database connections in the log output. Nevertheless, this is a moderate issue as it requires a backend admin as well as that dbs are locked down by environment. OWASP Top 10 - A05 Insecure Design OWASP Top...
CVE-2024-3165
CVE-2024-3165 affects dotCMS where the System->Maintenance-> Log Files output reveals database credentials (username/password) in logs. This is described as a moderate issue requiring backend admin access and environment-led DB lockdown. Connected documents confirm the vulnerability stems f...
CVE-2024-3164
In dotCMS dashboard, the Tools and Log Files tabs under System → Maintenance Portlet, which is and always has been an Admin portlet, is accessible to anyone with that portlet and not just to CMS Admins. Users that get site admin but not a system admin, should not have access to the System...
CVE-2024-3164
In dotCMS dashboard, the Tools and Log Files tabs under System → Maintenance Portlet, which is and always has been an Admin portlet, is accessible to anyone with that portlet and not just to CMS Admins. Users that get site admin but not a system admin, should not have access to the System...
CVE-2024-3164
The CVE-2024-3164 issue affects dotCMS where the Tools and Log Files tabs under System → Maintenance Portlet are accessible to any user with the portlet, not just CMS Admins. The vulnerability arises from broken access control, allowing site-admin users (without system-admin privileges) to access...
DotCMS 安全漏洞
DotCMS is an open source content management system written in Java by DotCMS, Inc. for managing content and content-driven sites and applications. A security vulnerability exists in DotCMS that originates in the log files that provide usernames and passwords for database connections...
dotCMS 安全漏洞
DotCMS is an open source content management system written in Java by DotCMS, Inc. for managing content and content-driven sites and applications. A security vulnerability exists in dotCMS that stems from the fact that any user with portlet privileges can access the Tools and Log Files tabs under...