CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Dotcms: >> Dotcms >> 3.3.1 Security Vulnerabilities

CVE-2016-3972

Directory traversal vulnerability in the dotTailLogServlet in dotCMS before 3.5.1 allows remote authenticated administrators to read arbitrary files via a .. (dot dot) in the fileName parameter.

CVSS Score

2.7

EPSS Score

0.001

Published

2016-04-18

CVE-2016-3971

Cross-site scripting (XSS) vulnerability in lucene_search.jsp in dotCMS before 3.5.1 allows remote attackers to inject arbitrary web script or HTML via the query parameter to c/portal/layout.

CVSS Score

4.8

EPSS Score

0.002

Published

2016-04-18

Page 3

Vulnerabilities

Vulnerable Software

Dotcms: >> Dotcms >> 3.3.1 Security Vulnerabilities

Products

Pricing

Contact Us