Html-Js: >> Doracms >> 2.1.8 Security Vulnerabilities
Cross Site Scripting vulnerability in DOraCMS v.2.18 and before allows a remote attacker to execute arbitrary code via the markdown0 function in the /app/public/apidoc/oas3/wrap-components/markdown.jsx endpoint.
CVSS Score
8.8
EPSS Score
0.115
Published
2024-03-19
DoraCMS 2.1.8 is vulnerable to Use of Hard-coded Cryptographic Key.
CVSS Score
9.8
EPSS Score
0.002
Published
2024-01-29
DoraCMS v2.1.8 was discovered to re-use the same code for verification of valid usernames and passwords. This vulnerability allows attackers to gain access to the application via a bruteforce attack.
CVSS Score
9.8
EPSS Score
0.001
Published
2023-12-08
An arbitrary file upload vulnerability in DoraCMS v2.1.8 allow attackers to execute arbitrary code via uploading a crafted HTML or image file to the user avatar.
CVSS Score
5.4
EPSS Score
0.001
Published
2023-12-08
DoraCMS v2.18 and earlier allows attackers to bypass login authentication via a crafted HTTP request.
CVSS Score
9.8
EPSS Score
0.002
Published
2022-08-17
A stored cross-site scripting (XSS) vulnerability in the component /admin/contenttemp of DoraCMS v2.1.8 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
CVSS Score
4.8
EPSS Score
0.003
Published
2022-03-20