VYPR
High severityNVD Advisory· Published Jun 8, 2012· Updated Jun 16, 2026

CVE-2012-1826

CVE-2012-1826

Description

dotCMS 1.9 before 1.9.5.1 allows remote authenticated users to execute arbitrary Java code via a crafted (1) XSLT or (2) Velocity template.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
com.dotcms:dotcmsMaven
>= 1.9, < 1.9.5.11.9.5.1

Affected products

3
  • Dotcms/Dotcms2 versions
    cpe:2.3:a:dotcms:dotcms:1.9:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:dotcms:dotcms:1.9:*:*:*:*:*:*:*
    • cpe:2.3:a:dotcms:dotcms:1.9.2.1:*:*:*:*:*:*:*
  • ghsa-coords
    Range: >= 1.9, < 1.9.5.1

Patches

Vulnerability mechanics

References

13

News mentions

0

No linked articles in our index yet.