10 matches found
EUVD-2019-4451
Malware in sbrugna...
EUVD-2016-9727
Malware in sbrugna...
EUVD-2022-39687
Malicious code in bioql PyPI...
EUVD-2022-39688
Malicious code in bioql PyPI...
CVE-2019-12872
dotCMS before 5.1.6 is vulnerable to a SQL injection that can be exploited by an attacker of the role Publisher via viewunpushedbundles.jsp...
CVE-2022-26352
An issue was discovered in the ContentResource API in dotCMS 3.0 through 22.02. Attackers can craft a multipart form request to post a file whose filename is not initially sanitized. This allows directory traversal, in which the file is saved outside of the intended storage location. If anonymous...
CVE-2016-8907
SQL injection vulnerability in the "Content Types Content Types" screen in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the orderby parameter...
CVE-2016-8903
SQL injection vulnerability in the "Site Browser Templates pages" screen in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the orderby parameter...
CVE-2016-3688
SQL injection vulnerability in dotCMS before 3.5 allows remote administrators to execute arbitrary SQL commands via the c0-e3 parameter to dwr/call/plaincall/UserAjax.getUsersList.dwr...
Cross-Site Scripting Vulnerability in DotCMS Blog Search Page
DotCMS is a content management system (CMS) from the American company DotCMS. The system supports RSS feeds, blogs, forums and other modules, and is easy to extend and build features. A cross-site scripting vulnerability exists in DotCMS version 3.3, which originates from the blogs/ page in the...