3 matches found
CVE-2016-8906
SQL injection vulnerability in the "Site Browser Links pages" screen in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the orderby parameter...
CVE-2016-8906
SQL injection vulnerability in the "Site Browser Links pages" screen in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the orderby parameter...
PT-2008-4012 · Cre Loaded · Cre Loaded
Name of the Vulnerable Software and Affected Versions: CRE Loaded versions 6.2.13.1 and earlier Description: A cross-site scripting XSS issue allows remote attackers to inject arbitrary web script or HTML via the Links and Links Submit pages. Recommendations: For CRE Loaded versions 6.2.13.1 and...