Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo

CMS

Dot CMS

dotCMS is an open source headless/hybrid content management system (CMS) that has been designed to manage and deliver personalized permission-based content experiences across multiple channels. dotCMS can can serve as a headless content hub and also as a platform for sites mobile apps mini-sites portals intranets. dotCMS is used everywhere from running small sites to powering multi-node installations for governments Fortune 100 companies Universities and Global Brands. Written in java dotCMS environment can scale to support hundreds of editors managing thousands of sites with millions of content objects.

Official Site:

https://www.dotcms.com/

Severity Summary:

Critical: 6 High: 18 Medium: 29 Low: 1
Reference
Title
Severity
CVE-2016-8902
Dot CMS Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
Critical
CVE-2017-5344
Dot CMS Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
Critical
CVE-2022-26352
Dot CMS Other Vulnerability
Critical
CVE-2016-2355
Dot CMS Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
Critical
CVE-2020-19138
Dot CMS Unrestricted Upload of File with Dangerous Type Vulnerability
Critical
CVE-2020-6754
Dot CMS Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability
Critical
CVE-2016-10007
Dot CMS Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
High
CVE-2017-11466
Dot CMS Unrestricted Upload of File with Dangerous Type Vulnerability
High
CVE-2016-8906
Dot CMS Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
High
CVE-2016-8905
Dot CMS Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
High
CVE-2019-12872
Dot CMS Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
High
CVE-2017-3187
Dot CMS Cross-Site Request Forgery (CSRF) Vulnerability
High
CVE-2016-8904
Dot CMS Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
High
CVE-2017-3189
Dot CMS Unrestricted Upload of File with Dangerous Type Vulnerability
High
CVE-2020-27848
Dot CMS Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
High
CVE-2016-10008
Dot CMS Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
High
CVE-2016-8903
Dot CMS Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
High
CVE-2016-8907
Dot CMS Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
High
CVE-2016-8908
Dot CMS Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
High
CVE-2020-18875
Dot CMS Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection) Vulnerability
High
CVE-2016-8600
Dot CMS Permissions Privileges and Access Controls Vulnerability
High
CVE-2016-4803
Dot CMS Other Vulnerability
High
CVE-2016-4040
Dot CMS Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
High
CVE-2022-45782
Dot CMS Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) Vulnerability
High
CVE-2016-3688
Dot CMS Exposure of Sensitive Information to an Unauthorized Actor Vulnerability
Medium
CVE-2016-3971
Dot CMS Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2013-3484
Dot CMS Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2008-2397
Dot CMS Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2012-1826
Dot CMS Permissions Privileges and Access Controls Vulnerability
Medium
CVE-2008-3708
Dot CMS Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability
Medium