cvebase

Dotcms Core vulnerabilities

6 known vulnerabilities affecting dotcms/dotcms_core.

Total CVEs: 6
CISA KEV: 0
Public exploits: 1
Exploited in wild: 1
Severity breakdown: CRITICAL 2, MEDIUM 4

Vulnerabilities

CVE-2026-8054 | P1 | CRITICAL | CVSS 10.0 | Exploited | PoC | ≥ 25.11.04-1, ≤ 26.04.28-02 | 2026-05-27
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in the Publish Audit API endpoints (/api/auditPublishing/get and /api/auditPublishing/getAll) in dotCMS Core 25.11.04-1 through 26.04.28-02 allows remote unauthenticated attackers to read, modify, or destroy arbitrary database content. The endpoints did not enforce au
Source: nvd

CVE-2024-4447 | P3 | CRITICAL | CVSS 9.9 | ≥ 4.2.1, < 23.01.20 | 2024-07-26
CWE-863: In the System → Maintenance tool, the Logged Users tab surfaces sessionId data for all users via the Direct Web Remoting API (UserSessionAjax.getSessionList.dwr) calls. While this is information that would and should be available to admins who possess "Sign In As" powers, admins who otherwise lack this privilege would still be able to utilize the se
Source: nvd

CVE-2023-3042 | P4 | MEDIUM | CVSS 6.1 | v5.3.8, v21.06, +2 more | 2023-10-17
CWE-79: In dotCMS, versions mentioned, a flaw in the NormalizationFilter does not strip double slashes (//) from URLs, potentially enabling bypasses for XSS and access controls. An example affected URL is https://demo.dotcms.com//html/portlet/ext/files/edit_text_inc.jsp, which should return a 404 response but didn't. The oversight in the default invalid URL c
Source: nvd

CVE-2024-3938 | P4 | MEDIUM | CVSS 6.1 | v5.1.5 and after | 2024-07-25
CWE-20: The "reset password" login page accepted an HTML injection via URL parameters. This has already been rectified via patch, and as such it cannot be demonstrated via Demo site link. Those interested to see the vulnerability may spin up a http://localhost:8082/dotAdmin/#/public/login?resetEmailSent=true&resetEmail=%3Ch1%3E%3Ca%20href%3D%22https:%2F%2Fgoog
Source: nvd

CVE-2024-3164 | P4 | MEDIUM | CVSS 4.5 | v22.02 and after | 2024-04-01
CWE-284: In dotCMS dashboard, the Tools and Log Files tabs under System → Maintenance Portlet, which is and always has been an Admin portlet, is accessible to anyone with that portlet and not just to CMS Admins. Users that get site admin but not a system admin, should not have access to the System Maintenance → Tools portlet. This would share database username
Source: nvd

CVE-2024-3165 | P4 | MEDIUM | CVSS 4.5 | v22.02 and after | 2024-04-01
CWE-532: System->Maintenance-> Log Files in dotCMS dashboard is providing the username/password for database connections in the log output. Nevertheless, this is a moderate issue as it requires a backend admin as well as that dbs are locked down by environment. OWASP Top 10 - A05) Insecure Design OWASP Top 10 - A05) Security Misconfiguration OWASP Top 10 - A
Source: nvd