Product
dotcms
57 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE-2025-11165
Affected versions: < 24.12.27
A sandbox escape vulnerability exists in dotCMS’s Velocity scripting engine (VTools) that allows authenticated users with script

CVE-2024-3938
Affected versions: >= 5.1.5 and < 23.01.18
The "reset password" login page accepted an HTML injection via URL parameters. This has already been rectified via patch, and as

CVE-2024-3165
Affected versions: >= 22.02 and < 22.03.15
System-Maintenance-Log Files in dotCMS dashboard is providing the username/password for database connections in the log output. Ne

CVE-2024-3164
Affected versions: >= 22.02 and < 22.03.15
In dotCMS dashboard, the Tools and Log Files tabs under System - Maintenance Portlet, which is and always has been an Admin portle

CVE-2023-3042
Affected versions: all versions
In dotCMS, versions mentioned, a flaw in the NormalizationFilter does not strip double slashes (//) from URLs, potentially enablin

CVE-2022-37034
Affected versions: >= 5.2.0 and < 22.10
In dotCMS 5.x-22.06, it is possible to call the TempResource multiple times, each time requesting the dotCMS server to download a

CVE-2022-45783
Affected versions: >= 4.0.0 and <= 22.10.1
An issue was discovered in dotCMS core 4.x through 22.10.2. An authenticated directory traversal vulnerability in the dotCMS API c

CVE-2022-45782
Affected versions: >= 5.3.8.5 and <= 5.3.8.15
An issue was discovered in dotCMS core 5.3.8.5 through 5.3.8.15 and 21.03 through 22.10.1. A cryptographically insecure random gen

CVE-2022-37033
Affected versions: >= 5.2.0 and < 22.08
In dotCMS 5.x-22.06, TempFileAPI allows a user to create a temporary file based on a passed in URL, while attempting to block any

CVE-2022-35740
Affected versions: >= 22.01 and < 22.06
dotCMS before 22.06 allows remote attackers to bypass intended access control and obtain sensitive information by using a semicolo

CVE-2022-37431
Affected versions: <= 22.06
A Reflected Cross-site scripting (XSS) issue was discovered in dotCMS Core through 22.06. This occurs in the admin portal when the

CVE-2022-26352
Affected versions: >= 3.0 and <= 22.02
An issue was discovered in the ContentResource API in dotCMS 3.0 through 22.02. Attackers can craft a multipart form request to po

CVE-2020-19138
Affected versions: <= 5.2.3
Unrestricted Upload of File with Dangerous Type in DotCMS v5.2.3 and earlier allow remote attackers to execute arbitrary code via

CVE-2020-18875
Affected versions: < 5.1.0
Incorrect Access Control in DotCMS versions before 5.1 allows remote attackers to gain privileges by injecting client configuratio

CVE-2021-35361
Affected versions: all versions
A reflected cross site scripting (XSS) vulnerability in dotAdmin/#/c/links of dotCMS 21.05.1 allows attackers to execute arbitrary

CVE-2021-35360
Affected versions: all versions
A reflected cross site scripting (XSS) vulnerability in dotAdmin/#/c/containers of dotCMS 21.05.1 allows attackers to execute arbi

CVE-2021-35358
Affected versions: all versions
A stored cross site scripting (XSS) vulnerability in dotAdmin/#/c/c_Images of dotCMS 21.05.1 allows authenticated attackers to exe

CVE-2020-17542
Affected versions: all versions
Cross Site Scripting (XSS) in dotCMS v5.1.5 allows remote attackers to execute arbitrary code by injecting a malicious payload int

CVE-2020-27848
Affected versions: < 20.10.1
dotCMS before 20.10.1 allows SQL injection, as demonstrated by the /api/v1/containers orderby parameter. The PaginatorOrdered clas

CVE-2020-35274
Affected versions: all versions
DotCMS Add Template with admin panel 20.11 is affected by cross-site Scripting (XSS) to gain remote privileges. An attacker could

CVE-2020-6754
Affected versions: < 5.2.4
dotCMS before 5.2.4 is vulnerable to directory traversal, leading to incorrect access control. It allows an attacker to read or ex

CVE-2019-12872
Affected versions: < 5.1.6
dotCMS before 5.1.6 is vulnerable to a SQL injection that can be exploited by an attacker of the role Publisher via view_unpushed_

CVE-2019-12309
Affected versions: < 5.1.0
dotCMS before 5.1.0 has a path traversal vulnerability exploitable by an administrator to create files. The vulnerability is cause

CVE-2019-11846
Affected versions: all versions
/servlets/ajax_file_upload?fieldName=binary3 in dotCMS 5.1.1 allows XSS and HTML Injection.

CVE-2018-17422
Affected versions: < 5.0.2
dotCMS before 5.0.2 has open redirects via the html/common/forward_js.jsp FORWARD_URL parameter or the html/portlet/ext/common/pag

CVE-2018-19554
Affected versions: <= 5.0.3
An issue was discovered in Dotcms through 5.0.3. Attackers may perform XSS attacks via the inode, identifier, or fieldName paramet

CVE-2018-16980
Affected versions: all versions
dotCMS V5.0.1 has XSS in the /html/portlet/ext/contentlet/image_tools/index.jsp fieldName and inode parameters.

CVE-2017-3189
Affected versions: <= 3.7.1
The dotCMS administration panel, versions 3.7.1 and earlier, "Push Publishing" feature in Enterprise Pro is vulnerable to arbitrar

CVE-2017-3188
Affected versions: <= 3.7.1
The dotCMS administration panel, versions 3.7.1 and earlier, "Push Publishing" feature in Enterprise Pro is vulnerable to path tra

CVE-2017-3187
Affected versions: <= 3.7.1
The dotCMS administration panel, versions 3.7.1 and earlier, are vulnerable to cross-site request forgery. The dotCMS administrato

CVE-2016-10008
Affected versions: < 3.7.2
SQL injection vulnerability in the "Content Types > Content Types" screen in dotCMS before 3.7.2 and 4.x before 4.1.1 allows remot

CVE-2016-10007
Affected versions: < 3.7.2
SQL injection vulnerability in the "Marketing > Forms" screen in dotCMS before 3.7.2 and 4.x before 4.1.1 allows remote authentica

CVE-2017-15219
Affected versions: all versions
The dotCMS 4.1.1 application is vulnerable to Stored Cross-Site Scripting (XSS) affecting a vanity-urls Title field, a containers

CVE-2017-11466
Affected versions: all versions
Arbitrary file upload vulnerability in com/dotmarketing/servlets/AjaxFileUploadServlet.class in dotCMS 4.1.1 allows remote authent

CVE-2017-6003
Affected versions: all versions
dotCMS 3.7.0 has XSS reachable from ext/languages_manager/edit_language in portal/layout via the bottom two form fields.

CVE-2017-5344
Affected versions: <= 3.6.1
An issue was discovered in dotCMS through 3.6.1. The findChildrenByFilter() function which is called by the web accessible path /c

CVE-2017-5877
Affected versions: all versions
XSS was discovered in dotCMS 3.7.0, with an unauthenticated attack against the /about-us/locations/index direction parameter.

CVE-2017-5876
Affected versions: all versions
XSS was discovered in dotCMS 3.7.0, with an unauthenticated attack against the /news-events/events date parameter.

CVE-2017-5875
Affected versions: all versions
XSS was discovered in dotCMS 3.7.0, with an authenticated attack against the /myAccount addressID parameter.

CVE-2016-2355
Affected versions: <= 3.3.1
SQL injection vulnerability in the REST API in dotCMS before 3.3.2 allows remote attackers to execute arbitrary SQL commands via t

CVE-2016-8908
Affected versions: <= 3.3
SQL injection vulnerability in the "Site Browser > HTML pages" screen in dotCMS before 3.3.1 allows remote authenticated attackers

CVE-2016-8907
Affected versions: <= 3.3
SQL injection vulnerability in the "Content Types > Content Types" screen in dotCMS before 3.3.1 allows remote authenticated attac

CVE-2016-8906
Affected versions: <= 3.3
SQL injection vulnerability in the "Site Browser > Links pages" screen in dotCMS before 3.3.1 allows remote authenticated attacker

CVE-2016-8905
Affected versions: <= 3.3
SQL injection vulnerability in the JSONTags servlet in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitr

CVE-2016-8904
Affected versions: <= 3.3
SQL injection vulnerability in the "Site Browser > Containers pages" screen in dotCMS before 3.3.1 allows remote authenticated att

CVE-2016-8903
Affected versions: <= 3.3
SQL injection vulnerability in the "Site Browser > Templates pages" screen in dotCMS before 3.3.1 allows remote authenticated atta

CVE-2016-8902
Affected versions: <= 3.3
SQL injection vulnerability in the categoriesServlet servlet in dotCMS before 3.3.1 allows remote not authenticated attackers to e

CVE-2016-8600
Affected versions: all versions
In dotCMS 3.2.1, attacker can load captcha once, fill it with correct value and then this correct value is ok for forms with captc

CVE-2016-4803
Affected versions: <= 3.3.1
CRLF injection vulnerability in the send email functionality in dotCMS before 3.3.2 allows remote attackers to inject arbitrary em

CVE-2016-4040
Affected versions: <= 3.3.1
SQL injection vulnerability in the Workflow Screen in dotCMS before 3.3.2 allows remote administrators to execute arbitrary SQL co

CVE-2016-3688
Affected versions: <= 3.3.1
SQL injection vulnerability in dotCMS before 3.5 allows remote administrators to execute arbitrary SQL commands via the c0-e3 para

CVE-2016-3972
Affected versions: <= 3.5
Directory traversal vulnerability in the dotTailLogServlet in dotCMS before 3.5.1 allows remote authenticated administrators to re

CVE-2016-3971
Affected versions: <= 3.5
Cross-site scripting (XSS) vulnerability in lucene_search.jsp in dotCMS before 3.5.1 allows remote attackers to inject arbitrary w

CVE-2013-3484
Affected versions: <= 2.3.1
Multiple cross-site scripting (XSS) vulnerabilities in dotCMS before 2.3.2 allow remote attackers to inject arbitrary web script o

CVE-2012-1826
Affected versions: all versions
dotCMS 1.9 before 1.9.5.1 allows remote authenticated users to execute arbitrary Java code via a crafted (1) XSLT or (2) Velocity

CVE-2008-3708
Affected versions: all versions
Multiple directory traversal vulnerabilities in dotCMS 1.6.0.9 allow remote attackers to read arbitrary files via a .. (dot dot) i

CVE-2008-2397
Affected versions: all versions
Cross-site scripting (XSS) vulnerability in search-results.dot in dotCMS 1.x allows remote attackers to inject arbitrary web scrip