518 matches found
CVE-2019-11846
CVE-2019-11846 affects dotCMS 5.1.1 via the upload endpoint /servlets/ajax_file_upload?fieldName=binary3, enabling HTML Injection/XSS. Root cause: input handling in the upload path allows injected HTML/JS to be stored or reflected. Impact per sources: cross-site scripting with partial integrity i...
CVE-2019-11846
/servlets/ajax_file_upload?fieldName=binary3 in dotCMS 5.1.1 allows XSS and HTML Injection...
dotCMS Code Injection Vulnerability
dotCMS is a content management system (CMS) from the United States company dotCMS. The system supports RSS feeds, blogs, forums and other modules, and is easy to extend and build features. A code injection vulnerability exists in dotCMS version 5.1.1, which can be exploited by an attacker to generate...
dotCMS 5.1.1 - HTML Injection
dotCMS 5.1.1 - HTML Injection Exploit Title: dotCMS 5.1.1 - HTML Injection Date: 2019-05-09 Exploit Author: Ismail Tasdelen Vendor Homepage: https://dotcms.com/ Software Link: https://github.com/dotCMS Software: dotCMS Product Version: 5.1.1 Vulnerability Type: Code Injection Vulnerability: HTML...
dotCMS 5.1.1 - HTML Injection Vulnerability
Exploit for jsp platform in category web applications Exploit Title: dotCMS 5.1.1 - HTML Injection Exploit Author: Ismail Tasdelen Vendor Homepage: https://dotcms.com/ Software Link: https://github.com/dotCMS Software: dotCMS Product Version: 5.1.1 Vulnerability Type: Code Injection Vulnerability...
dotCMS 5.1.1 - HTML Injection
Exploit Title: dotCMS 5.1.1 - HTML Injection Date: 2019-05-09 Exploit Author: Ismail Tasdelen Vendor Homepage: https://dotcms.com/ Software Link: https://github.com/dotCMS Software: dotCMS Product Version: 5.1.1 Vulnerability Type: Code Injection Vulnerability: HTML Injection and Cross-site...
dotCMS 5.1.1 HTML Injection
Exploit Title: dotCMS 5.1.1 - HTML Injection Date: 2019-05-09 Exploit Author: Ismail Tasdelen Vendor Homepage: https://dotcms.com/ Software Link: https://github.com/dotCMS Software: dotCMS Product Version: 5.1.1 Vulnerability Type: Code Injection Vulnerability: HTML Injection and Cross-site...
dotCMS Open Redirect Vulnerability
dotCMS is a content management system (CMS) from the United States company dotCMS. The system supports RSS feeds, blogs, forums and other modules, and is easy to extend and build features. A security vulnerability exists in dotCMS versions prior to 5.0.2. An attacker can exploit this vulnerability to...
CVE-2018-17422
dotCMS before 5.0.2 has open redirects via the html/common/forwardjs.jsp FORWARDURL parameter or the html/portlet/ext/common/pagepreviewpopup.jsp hostname parameter...
CVE-2018-17422
dotCMS before 5.0.2 has open redirects via the html/common/forwardjs.jsp FORWARDURL parameter or the html/portlet/ext/common/pagepreviewpopup.jsp hostname parameter...
Open redirect
dotCMS before 5.0.2 has open redirects via the html/common/forwardjs.jsp FORWARDURL parameter or the html/portlet/ext/common/pagepreviewpopup.jsp hostname parameter...
CVE-2018-17422
dotCMS before 5.0.2 has open redirects via the html/common/forwardjs.jsp FORWARDURL parameter or the html/portlet/ext/common/pagepreviewpopup.jsp hostname parameter...
CVE-2018-17422
DotCMS
CVE-2018-19554
An issue was discovered in Dotcms through 5.0.3. Attackers may perform XSS attacks via the inode, identifier, or fieldName parameter in html/js/dotcms/dijit/image/image_tool.jsp...
Design/Logic Flaw
An issue was discovered in Dotcms through 5.0.3. Attackers may perform XSS attacks via the inode, identifier, or fieldName parameter in html/js/dotcms/dijit/image/image_tool.jsp...
CVE-2018-19554
An issue was discovered in Dotcms through 5.0.3. Attackers may perform XSS attacks via the inode, identifier, or fieldName parameter in html/js/dotcms/dijit/image/image_tool.jsp...
CVE-2018-19554
An issue was discovered in Dotcms through 5.0.3. Attackers may perform XSS attacks via the inode, identifier, or fieldName parameter in html/js/dotcms/dijit/image/image_tool.jsp...
CVE-2018-19554
CVE-2018-19554 affects DotCMS up to version 5.0.3. The issue is an XSS vulnerability that can be triggered via the inode, identifier, or fieldName parameters in the file html/js/dotcms/dijit/image/image_tool.jsp. The available documents identify the vulnerable surface but do not provide a concret...
Dotcms cross-site scripting vulnerability (CNVD-2018-26792)
dotCMS is a content management system (CMS) from the United States company dotCMS. The system supports RSS feeds, blogs, forums and other modules, and is easy to extend and build features. A cross-site scripting vulnerability exists in dotCMS 5.0.3 and earlier versions. A remote attacker can leverage t...
dotCMS cross-site scripting vulnerability (CNVD-2019-07129)
dotCMS is a content management system (CMS) from the United States company dotCMS. The system supports RSS feeds, blogs, forums and other modules, and is easy to extend and build features. The 'fieldName' and 'inode' parameters in the /html/portlet/ext/contentlet/imagetools/index.jsp page in dotCMS...