518 matches found
Unrestricted file upload
Unrestricted Upload of File with Dangerous Type in DotCMS v5.2.3 and earlier allow remote attackers to execute arbitrary code via the component "/src/main/java/com/dotmarketing/filters/CMSFilter.java"...
CVE-2020-19138
Unrestricted Upload of File with Dangerous Type in DotCMS v5.2.3 and earlier allow remote attackers to execute arbitrary code via the component "/src/main/java/com/dotmarketing/filters/CMSFilter.java"...
CVE-2020-19138
DotCMS vulnerability CVE-2020-19138 affects DotCMS v5.2.3 and earlier, via unrestricted upload of a dangerous file type in the CMSFilter.java component (/src/main/java/com/dotmarketing/filters/CMSFilter.java). The root cause is an unrestricted file upload that allows remote attackers to execute a...
DotCMS Code Issue Vulnerability
dotCMS is a powerful Java-based content management system CMS. dotCMS 5.2.3 and earlier versions are vulnerable to file uploads. A remote attacker can exploit this vulnerability to execute arbitrary code via /src/main/java/com/dotmarketing/filters/CMSFilter.java...
CVE-2020-18875
Incorrect Access Control in DotCMS versions before 5.1 allows remote attackers to gain privileges by injecting client configurations via vtl velocity files...
Improper access control
Incorrect Access Control in DotCMS versions before 5.1 allows remote attackers to gain privileges by injecting client configurations via vtl velocity files...
CVE-2020-18875
DotCMS before version 5.1 suffers from incorrect access control in velocity (vtl) files, allowing remote attackers to inject client configurations and gain privileges. The issue is documented across multiple sources (including Red Hat and PT-Security) with the concrete remediation: upgrade to Dot...
DotCMS Injection Vulnerability
Dotcms dotCMS is a content management system CMS from the American company dotCMS Dotcms. The system supports RSS feeds, blogs, forums and other modules, and is easy to extend and build. A security vulnerability exists in DotCMS versions prior to 5.1, which stems from incorrect access control for...
PT-2021-10245 · Dotcms · Dotcms
Name of the Vulnerable Software and Affected Versions: DotCMS versions prior to 5.1 Description: The issue allows remote attackers to gain privileges by injecting client configurations via vtl velocity files. This is due to incorrect access control in the software. Recommendations: For versions...
dotCMS Cross-Site Scripting Vulnerability (CNVD-2021-50942)
dotcms is a powerful Content Management System CMS developed in Java. A reflective cross-site scripting vulnerability exists in dotAdmin//c/links in dotCMS version 21.05.1, which can be exploited by an attacker to execute arbitrary commands or HTML...
dotCMS Cross-Site Scripting Vulnerability (CNVD-2021-50941)
dotcms is a powerful Content Management System CMS developed in Java. A reflective cross-site scripting vulnerability exists in dotAdmin//c/containers in dotCMS version 21.05.1, which can be exploited by an attacker to execute arbitrary commands or HTML...
dotCMS Cross-Site Scripting Vulnerability (CNVD-2021-50940)
dotcms is a powerful Content Management System CMS developed in Java. A stored cross-site scripting vulnerability exists in dotCMS version 21.05.1 in dotAdmin//c/cImages, which can be exploited by an attacker to execute arbitrary Web script or HTML via the 'Title' and 'Filename' parameters...
CVE-2021-35358
A stored cross site scripting XSS vulnerability in dotAdmin//c/cImages of dotCMS 21.05.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Title' and 'Filename' parameters...
CVE-2021-35361
A reflected cross site scripting XSS vulnerability in dotAdmin//c/links of dotCMS 21.05.1 allows attackers to execute arbitrary commands or HTML via a crafted payload...
CVE-2021-35360
A reflected cross site scripting XSS vulnerability in dotAdmin//c/containers of dotCMS 21.05.1 allows attackers to execute arbitrary commands or HTML via a crafted payload...