Sign in Subscribe

← All advisories

High severityNVD Advisory· Published Jun 8, 2012· Updated Apr 29, 2026

CVE-2012-1826

CVE-2012-1826

Description

dotCMS 1.9 before 1.9.5.1 allows remote authenticated users to execute arbitrary Java code via a crafted (1) XSLT or (2) Velocity template.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
com.dotcms:dotcmsMaven	>= 1.9, < 1.9.5.1	1.9.5.1

Affected products

2

Dotcms/Dotcms2 versions
cpe:2.3:a:dotcms:dotcms:1.9:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:dotcms:dotcms:1.9:*:*:*:*:*:*:*
- cpe:2.3:a:dotcms:dotcms:1.9.2.1:*:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

13

github.com/advisories/GHSA-42vg-q6mw-cfh5ghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2012-1826ghsaADVISORY
dotcms.com/dotCMSVersionsghsaWEB
www.kb.cert.org/vuls/id/898083nvdUS Government ResourceWEB
github.com/dotCMS/dotCMS/issues/261nvdWEB
github.com/dotCMS/dotCMS/issues/281nvdWEB
web.archive.org/web/20201208044614/https://gist.github.com/jtesser/2627440ghsaWEB
web.archive.org/web/20210124000108/https://www.securityfocus.com/bid/53688ghsaWEB
dotcms.com/dotCMSVersions/nvd
osvdb.org/82240nvd
secunia.com/advisories/49276nvd
www.securityfocus.com/bid/53688nvd
gist.github.com/2627440nvd

News mentions

0

No linked articles in our index yet.