Directory traversal vulnerability in the dotTailLogServlet in dotCMS before 3.5.1 allows remote authenticated administrators to read arbitrary files via a .. (dot dot) in the fileName parameter.
CVSS Score
2.7
EPSS Score
0.001
Published
2016-04-18
Cross-site scripting (XSS) vulnerability in lucene_search.jsp in dotCMS before 3.5.1 allows remote attackers to inject arbitrary web script or HTML via the query parameter to c/portal/layout.
CVSS Score
4.8
EPSS Score
0.002
Published
2016-04-18
Multiple cross-site scripting (XSS) vulnerabilities in dotCMS before 2.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) _loginUserName parameter to application/login/login.html, (2) my_account_login parameter to c/portal_public/login, or (3) email parameter to forgotPassword.
CVSS Score
4.3
EPSS Score
0.003
Published
2014-04-02
dotCMS 1.9 before 1.9.5.1 allows remote authenticated users to execute arbitrary Java code via a crafted (1) XSLT or (2) Velocity template.
CVSS Score
6.0
EPSS Score
0.01
Published
2012-06-08
Multiple directory traversal vulnerabilities in dotCMS 1.6.0.9 allow remote attackers to read arbitrary files via a .. (dot dot) in the id parameter to (1) news/index.dot and (2) getting_started/macros/macros_detail.dot.
CVSS Score
4.3
EPSS Score
0.024
Published
2008-08-19
Cross-site scripting (XSS) vulnerability in search-results.dot in dotCMS 1.x allows remote attackers to inject arbitrary web script or HTML via the search_query parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVSS Score
4.3
EPSS Score
0.003
Published
2008-05-21
Page 6