Html-Js: >> Doracms >> 2.0.3 Security Vulnerabilities
Cross Site Scripting vulnerability in DOraCMS v.2.18 and before allows a remote attacker to execute arbitrary code via the markdown0 function in the /app/public/apidoc/oas3/wrap-components/markdown.jsx endpoint.
CVSS Score
8.8
EPSS Score
0.115
Published
2024-03-19
DoraCMS v2.18 and earlier allows attackers to bypass login authentication via a crafted HTTP request.
CVSS Score
9.8
EPSS Score
0.002
Published
2022-08-17
Weak Encoding for Password in DoraCMS v2.1.1 and earlier allows attackers to obtain sensitive information as it does not use a random salt or IV for its AES-CBC encryption, causes password encrypted for users to be susceptible to dictionary attacks.
CVSS Score
7.5
EPSS Score
0.001
Published
2021-05-20
Multiple cross-site scripting (XSS) vulnerabilities in /api/content/addOne in DoraCMS v2.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) discription or (2) comments field, related to users/userAddContent.
CVSS Score
5.4
EPSS Score
0.002
Published
2018-09-06