Doracms@2.1.8 Security Vulnerabilities and Issues — Doracms@2.1.8 CVE List

Lucene search

Html-jsDoracms2.1.8

4 matches found

CVE•added 2022/03/20 7:15 p.m.•72 views

CVE-2022-25464

A stored cross-site scripting (XSS) vulnerability in the component /admin/contenttemp of DoraCMS v2.1.8 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.

4.8CVSS4.9AI score0.00283EPSS

CVE•added 2023/12/08 3:15 p.m.•40 views

CVE-2023-49443

DoraCMS v2.1.8 was discovered to re-use the same code for verification of valid usernames and passwords. This vulnerability allows attackers to gain access to the application via a bruteforce attack.

9.8CVSS9.5AI score0.00072EPSS

CVE•added 2023/12/08 3:15 p.m.•35 views

CVE-2023-49444

An arbitrary file upload vulnerability in DoraCMS v2.1.8 allow attackers to execute arbitrary code via uploading a crafted HTML or image file to the user avatar.

5.4CVSS6.1AI score0.00073EPSS

CVE•added 2024/01/29 8:15 p.m.•34 views

CVE-2023-51840

DoraCMS 2.1.8 is vulnerable to Use of Hard-coded Cryptographic Key.

9.8CVSS9.3AI score0.00242EPSS