518 matches found
Cross site scripting
A reflected cross site scripting XSS vulnerability in dotAdmin//c/links of dotCMS 21.05.1 allows attackers to execute arbitrary commands or HTML via a crafted payload...
Cross site scripting
A reflected cross site scripting XSS vulnerability in dotAdmin//c/containers of dotCMS 21.05.1 allows attackers to execute arbitrary commands or HTML via a crafted payload...
Cross site scripting
A stored cross site scripting XSS vulnerability in dotAdmin//c/cImages of dotCMS 21.05.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Title' and 'Filename' parameters...
CVE-2021-35358
DotCMS 21.05.1 is affected by a stored XSS in the dotAdmin/#/c/c_Images UI, allowing an authenticated attacker to inject arbitrary web scripts or HTML through crafted payloads in the Title and Filename fields. The issue is confirmed in multiple sources referencing the same vulnerability; the root...
CVE-2021-35358
A stored cross site scripting XSS vulnerability in dotAdmin//c/cImages of dotCMS 21.05.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Title' and 'Filename' parameters...
CVE-2021-35361
A reflected cross site scripting XSS vulnerability in dotAdmin//c/links of dotCMS 21.05.1 allows attackers to execute arbitrary commands or HTML via a crafted payload...
CVE-2021-35361
CVE-2021-35361 describes a reflected cross-site scripting (XSS) vulnerability in dotCMS 21.05.1 within dotAdmin/#/c/links. The affected component is the web interface under dotAdmin, where a crafted payload can cause the execution of arbitrary HTML or commands. The connected records consistently ...
CVE-2021-35360
CVE-2021-35360 is a reflected cross-site scripting vulnerability in dotCMS 21.05.1 affecting the dotAdmin/#/c/containers path. The issue allows an attacker to inject arbitrary HTML/commands via a crafted payload, as noted in multiple sources (dotCMS and CNVD entries). The NVD/CVSS data indicates ...
Dotcms dotCMS 跨站脚本漏洞
dotcms is a powerful Content Management System CMS developed in Java. A reflective cross-site scripting vulnerability exists in dotAdmin//c/links in dotCMS version 21.05.1, which can be exploited by an attacker to execute arbitrary commands or HTML...
Dotcms dotCMS 跨站脚本漏洞
dotcms is a powerful Content Management System CMS developed in Java. A stored cross-site scripting vulnerability exists in dotCMS version 21.05.1 in dotAdmin//c/cImages, which can be exploited by an attacker to execute arbitrary Web script or HTML via the 'Title' and 'Filename' parameters...
Dotcms dotCMS 跨站脚本漏洞
dotcms is a powerful Content Management System CMS developed in Java. A reflective cross-site scripting vulnerability exists in dotAdmin//c/containers in dotCMS version 21.05.1, which can be exploited by an attacker to execute arbitrary commands or HTML...
dotCMS cross-site scripting vulnerability (CNVD-2021-39519)
Dotcms dotCMS is a content management system CMS from the American company dotCMS Dotcms. The system supports RSS feeds , blogs , forums and other modules , and is easy to extend and build features . A cross-site scripting vulnerability exists in dotCMS v5.1.5, which can be exploited by a remote...
CVE-2020-17542
Cross Site Scripting XSS in dotCMS v5.1.5 allows remote attackers to execute arbitrary code by injecting a malicious payload into the "Task Detail" comment window of the "/dotAdmin//c/workflow" component...
CVE-2020-17542
Cross Site Scripting XSS in dotCMS v5.1.5 allows remote attackers to execute arbitrary code by injecting a malicious payload into the "Task Detail" comment window of the "/dotAdmin//c/workflow" component...
Cross site scripting
Cross Site Scripting XSS in dotCMS v5.1.5 allows remote attackers to execute arbitrary code by injecting a malicious payload into the "Task Detail" comment window of the "/dotAdmin//c/workflow" component...
CVE-2020-17542
DotCMS v5.1.5 has a Cross Site Scripting (XSS) vulnerability in the Task Detail comment window of the /dotAdmin/#/c/workflow component that could allow a remote attacker to execute arbitrary code. Affected product/endpoint: dotCMS 5.1.5, component: Task Detail in the workflow editor. Root cause: ...
CVE-2020-17542
Cross Site Scripting XSS in dotCMS v5.1.5 allows remote attackers to execute arbitrary code by injecting a malicious payload into the "Task Detail" comment window of the "/dotAdmin//c/workflow" component...
dotCMS 跨站脚本漏洞
Dotcms dotCMS is a content management system CMS from the American company dotCMS Dotcms. The system supports RSS feeds , blogs , forums and other modules , and is easy to extend and build features . A cross-site scripting vulnerability exists in dotCMS v5.1.5, which can be exploited by a remote...
dotCMS 5.2.2 任意文件上传漏洞
...
File Upload Vulnerability in dotCMS
dotCMS is a content management system CMS. A file upload vulnerability exists in dotCMS, which can be exploited by an attacker to upload arbitrary files...