514 matches found
CVE-2017-5877
XSS was discovered in dotCMS 3.7.0, with an unauthenticated attack against the /about-us/locations/index direction parameter...
CVE-2017-5877
dotCMS 3.7.0 is affected by a cross-site scripting (XSS) vulnerability that can be triggered by an unauthenticated attacker via the /about-us/locations/index parameter. The issue is documented as CVE-2017-5877. NVD notes CVSS v2 base score 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N) and CVSS v3 base score 6...
CVE-2017-5876
XSS was discovered in dotCMS 3.7.0, with an unauthenticated attack against the /news-events/events date parameter...
CVE-2017-5876
CVE-2017-5876 describes a cross-site scripting (XSS) vulnerability in dotCMS version 3.7.0. An unauthenticated attacker can exploit the vulnerability via the /news-events/events date parameter. The issue is documented across multiple sources (NVD, CNVD, OSV, OpenVAS, CVE lists). Affected software...
CVE-2017-5875
XSS was discovered in dotCMS 3.7.0, with an authenticated attack against the /myAccount addressID parameter...
CVE-2017-5875
dotCMS 3.7.0 contains a cross-site scripting (XSS) vulnerability exploitable by an authenticated user via the /myAccount addressID parameter. Multiple sources (NVD/CNVD/OSV) confirm XSS with an authenticated impact (C/L/I/L, A none); CVSS3 score 5.4 (MEDIUM) with network attack vector and low pri...
dotCMS 'stName' Parameter SQL Injection Vulnerability
dotCMS is a content management system (CMS) developed in Java. A SQL injection vulnerability exists in the 'stName' parameter in dotCMS versions prior to 3.3.2, which allows remote attackers to execute arbitrary SQL commands via the stName parameter in api/content/save/1...
CVE-2016-2355
SQL injection vulnerability in the REST API in dotCMS before 3.3.2 allows remote attackers to execute arbitrary SQL commands via the stName parameter to api/content/save/1...
SQL injection
SQL injection vulnerability in the REST API in dotCMS before 3.3.2 allows remote attackers to execute arbitrary SQL commands via the stName parameter to api/content/save/1...
CVE-2016-2355
Summary: CVE-2016-2355 is a SQL injection vulnerability in the dotCMS REST API, specifically in the stName parameter used with api/content/save/1. Affected software: dotCMS versions before 3.3.2. Vulnerability details: An attacker can inject arbitrary SQL via the stName parameter, potentially comprom...
CVE-2016-8908
SQL injection vulnerability in the "Site Browser > HTML pages" screen in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the orderby parameter...
CVE-2016-8907
SQL injection vulnerability in the "Content Types > Content Types" screen in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the orderby parameter...
CVE-2016-8906
SQL injection vulnerability in the "Site Browser > Links pages" screen in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the orderby parameter...