CVE-2018-16980

dotCMS V5.0.1 has XSS in the /html/portlet/ext/contentlet/imagetools/index.jsp fieldName and inode parameters...

ALPINE-CVE-2018-16980

dotCMS V5.0.1 has XSS in the /html/portlet/ext/contentlet/imagetools/index.jsp fieldName and inode parameters...

Design/Logic Flaw

dotCMS V5.0.1 has XSS in the /html/portlet/ext/contentlet/imagetools/index.jsp fieldName and inode parameters...

CVE-2018-16980

dotCMS V5.0.1 has XSS in the /html/portlet/ext/contentlet/imagetools/index.jsp fieldName and inode parameters...

CVE-2018-16980

dotCMS V5.0.1 has XSS in the /html/portlet/ext/contentlet/imagetools/index.jsp fieldName and inode parameters...

CVE-2018-16980

CVE-2018-16980 affects dotCMS v5.0.1 and is a cross-site scripting vulnerability in the /html/portlet/ext/contentlet/image_tools/index.jsp page, specifically in the fieldName and inode parameters. The connected documents corroborate XSS details (CNVD-2019-07129, NVD entry). The exact exploitabili...

CVE-2018-16980

dotCMS V5.0.1 has XSS in the /html/portlet/ext/contentlet/imagetools/index.jsp fieldName and inode parameters...

dotCMS path traversal vulnerability (CNVD-2019-21131)

dotCMS is a content management system CMS from the American company dotCMS. A path traversal vulnerability exists in the Push Publishing feature of the admin panel in dotCMS 3.7.1 and earlier versions, which stems from the failure of the program to properly validate the 'Bundle' tar.gz archive fi...

dotCMS arbitrary file upload vulnerability (CNVD-2019-21130)

dotCMS is a content management system CMS from the American company dotCMS. An arbitrary file upload vulnerability exists in the Push Publishing feature in the administration panel of dotCMS 3.7.1 and prior versions, which originates when extracting the 'Bundle' tar.gz archive file uploaded to th...

Path traversal

The dotCMS administration panel, versions 3.7.1 and earlier, "Push Publishing" feature in Enterprise Pro is vulnerable to path traversal. When "Bundle" tar.gz archives uploaded to the Push Publishing feature are decompressed, the filenames of its contents are not properly checked, allowing for...

Path traversal

The dotCMS administration panel, versions 3.7.1 and earlier, "Push Publishing" feature in Enterprise Pro is vulnerable to arbitrary file upload. When "Bundle" tar.gz archives uploaded to the Push Publishing feature are decompressed, there are no checks on the types of files which the bundle...

Cross site request forgery (csrf)

The dotCMS administration panel, versions 3.7.1 and earlier, are vulnerable to cross-site request forgery. The dotCMS administrator panel contains a cross-site request forgery CSRF vulnerability. An attacker can perform actions with the same permissions as a victim user, provided the victim has a...

CVE-2017-3188

The dotCMS administration panel, versions 3.7.1 and earlier, "Push Publishing" feature in Enterprise Pro is vulnerable to path traversal. When "Bundle" tar.gz archives uploaded to the Push Publishing feature are decompressed, the filenames of its contents are not properly checked, allowing for...

CVE-2017-3189

The dotCMS administration panel, versions 3.7.1 and earlier, "Push Publishing" feature in Enterprise Pro is vulnerable to arbitrary file upload. When "Bundle" tar.gz archives uploaded to the Push Publishing feature are decompressed, there are no checks on the types of files which the bundle...

CVE-2017-3188

The dotCMS administration panel, versions 3.7.1 and earlier, "Push Publishing" feature in Enterprise Pro is vulnerable to path traversal. When "Bundle" tar.gz archives uploaded to the Push Publishing feature are decompressed, the filenames of its contents are not properly checked, allowing for...

CVE-2017-3187

The dotCMS administration panel, versions 3.7.1 and earlier, are vulnerable to cross-site request forgery. The dotCMS administrator panel contains a cross-site request forgery CSRF vulnerability. An attacker can perform actions with the same permissions as a victim user, provided the victim has a...

CVE-2017-3187

The dotCMS administration panel, versions 3.7.1 and earlier, are vulnerable to cross-site request forgery. The dotCMS administrator panel contains a cross-site request forgery CSRF vulnerability. An attacker can perform actions with the same permissions as a victim user, provided the victim has a...

CVE-2017-3189

The dotCMS administration panel, versions 3.7.1 and earlier, "Push Publishing" feature in Enterprise Pro is vulnerable to arbitrary file upload. When "Bundle" tar.gz archives uploaded to the Push Publishing feature are decompressed, there are no checks on the types of files which the bundle...

CVE-2017-3187 The dotCMS administration panel, versions 3.7.1 and earlier, are vulnerable to cross-site request forgery

The dotCMS administration panel, versions 3.7.1 and earlier, are vulnerable to cross-site request forgery. The dotCMS administrator panel contains a cross-site request forgery CSRF vulnerability. An attacker can perform actions with the same permissions as a victim user, provided the victim has a...

CVE-2017-3188 The dotCMS administration panel, versions 3.7.1 and earlier, "Push Publishing" feature in Enterprise Pro is vulnerable to path traversal

The dotCMS administration panel, versions 3.7.1 and earlier, "Push Publishing" feature in Enterprise Pro is vulnerable to path traversal. When "Bundle" tar.gz archives uploaded to the Push Publishing feature are decompressed, the filenames of its contents are not properly checked, allowing for...