VYPR

Dotcms

by Dotcms

Source repositories

CVEs (57)

  • CVE-2018-16980MedSep 12, 2018
    risk 0.40cvss 6.1epss 0.01

    dotCMS V5.0.1 has XSS in the /html/portlet/ext/contentlet/image_tools/index.jsp fieldName and inode parameters.

  • CVE-2016-10008HigFeb 19, 2018
    risk 0.40cvss 7.2epss 0.01

    SQL injection vulnerability in the "Content Types > Content Types" screen in dotCMS before 3.7.2 and 4.x before 4.1.1 allows remote authenticated administrators to execute arbitrary SQL commands via the _EXT_STRUCTURE_direction parameter.

  • CVE-2016-10007HigFeb 19, 2018
    risk 0.40cvss 7.2epss 0.01

    SQL injection vulnerability in the "Marketing > Forms" screen in dotCMS before 3.7.2 and 4.x before 4.1.1 allows remote authenticated administrators to execute arbitrary SQL commands via the _EXT_FORM_HANDLER_orderBy parameter.

  • CVE-2017-6003MedMar 27, 2017
    risk 0.40cvss 6.1epss 0.01

    dotCMS 3.7.0 has XSS reachable from ext/languages_manager/edit_language in portal/layout via the bottom two form fields.

  • CVE-2017-5877MedFeb 6, 2017
    risk 0.40cvss 6.1epss 0.01

    XSS was discovered in dotCMS 3.7.0, with an unauthenticated attack against the /about-us/locations/index direction parameter.

  • CVE-2017-5876MedFeb 6, 2017
    risk 0.40cvss 6.1epss 0.01

    XSS was discovered in dotCMS 3.7.0, with an unauthenticated attack against the /news-events/events date parameter.

  • CVE-2017-15219MedOct 10, 2017
    risk 0.35cvss 5.4epss 0.01

    The dotCMS 4.1.1 application is vulnerable to Stored Cross-Site Scripting (XSS) affecting a vanity-urls Title field, a containers Description field, and a templates Description field.

  • CVE-2017-5875MedFeb 6, 2017
    risk 0.35cvss 5.4epss 0.01

    XSS was discovered in dotCMS 3.7.0, with an authenticated attack against the /myAccount addressID parameter.

  • CVE-2016-3971MedApr 18, 2016
    risk 0.31cvss 4.8epss 0.01

    Cross-site scripting (XSS) vulnerability in lucene_search.jsp in dotCMS before 3.5.1 allows remote attackers to inject arbitrary web script or HTML via the query parameter to c/portal/layout.

  • CVE-2022-26352KEVJul 17, 2022
    risk 0.29cvss epss 0.92

    An issue was discovered in the ContentResource API in dotCMS 3.0 through 22.02. Attackers can craft a multipart form request to post a file whose filename is not initially sanitized. This allows directory traversal, in which the file is saved outside of the intended storage…

  • CVE-2016-3972LowApr 18, 2016
    risk 0.18cvss 2.7epss 0.01

    Directory traversal vulnerability in the dotTailLogServlet in dotCMS before 3.5.1 allows remote authenticated administrators to read arbitrary files via a .. (dot dot) in the fileName parameter.

  • CVE-2020-6754Feb 5, 2020
    risk 0.06cvss epss 0.95

    dotCMS before 5.2.4 is vulnerable to directory traversal, leading to incorrect access control. It allows an attacker to read or execute files under $TOMCAT_HOME/webapps/ROOT/assets (which should be a protected directory). Additionally, attackers can upload temporary files (e.g.,…

  • CVE-2008-3708Aug 19, 2008
    risk 0.03cvss epss 0.05

    Multiple directory traversal vulnerabilities in dotCMS 1.6.0.9 allow remote attackers to read arbitrary files via a .. (dot dot) in the id parameter to (1) news/index.dot and (2) getting_started/macros/macros_detail.dot.

  • CVE-2020-19138Sep 8, 2021
    risk 0.01cvss epss 0.06

    Unrestricted Upload of File with Dangerous Type in DotCMS v5.2.3 and earlier allow remote attackers to execute arbitrary code via the component "/src/main/java/com/dotmarketing/filters/CMSFilter.java".

  • CVE-2018-17422Mar 7, 2019
    risk 0.01cvss epss 0.04

    dotCMS before 5.0.2 has open redirects via the html/common/forward_js.jsp FORWARD_URL parameter or the html/portlet/ext/common/page_preview_popup.jsp hostname parameter.

  • CVE-2025-11165Feb 24, 2026
    risk 0.00cvss epss 0.00

    A sandbox escape vulnerability exists in dotCMS’s Velocity scripting engine (VTools) that allows authenticated users with scripting privileges to bypass class and package restrictions enforced by SecureUberspectorImpl. By dynamically modifying the Velocity engine’s runtime…

  • CVE-2024-3938Jul 25, 2024
    risk 0.00cvss epss 0.00

    The "reset password" login page accepted an HTML injection via URL parameters. This has already been rectified via patch, and as such it cannot be demonstrated via Demo site link. Those interested to see the vulnerability may spin up a http://localhost:8082/dotAdmin/#/public/lo…

  • CVE-2024-3165Apr 1, 2024
    risk 0.00cvss epss 0.01

    System->Maintenance-> Log Files in dotCMS dashboard is providing the username/password for database connections in the log output. Nevertheless, this is a moderate issue as it requires a backend admin as well as that dbs are locked down by environment.   OWASP Top 10 - A05)…

  • CVE-2024-3164Apr 1, 2024
    risk 0.00cvss epss 0.00

    In dotCMS dashboard, the Tools and Log Files tabs under System → Maintenance Portlet, which is and always has been an Admin portlet, is accessible to anyone with that portlet and not just to CMS Admins. Users that get site admin but not a system admin, should not have access…

  • CVE-2023-3042Oct 17, 2023
    risk 0.00cvss epss 0.00

    In dotCMS, versions mentioned, a flaw in the NormalizationFilter does not strip double slashes (//) from URLs, potentially enabling bypasses for XSS and access controls. An example affected URL is https://demo.dotcms.com//html/portlet/ext/files/edit_text_inc.jsp , which should…