High severity7.5NVD Advisory· Published Jun 30, 2016· Updated May 6, 2026

CVE-2016-4803

Description

CRLF injection vulnerability in the send email functionality in dotCMS before 3.3.2 allows remote attackers to inject arbitrary email headers via CRLF sequences in the subject.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

seclists.org/fulldisclosure/2016/May/69nvdExploit
security.elarlang.eu/cve-2016-4803-dotcms-email-header-injection-vulnerability-full-disclosure.htmlnvdExploit
dotcms.com/docs/latest/change-lognvdVendor Advisory
www.securityfocus.com/bid/91529nvd

News mentions

No linked articles in our index yet.

cvss	0.488
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000