Known Vulnerabilities for products from DotCMS

Listed below are 20 of the newest known vulnerabilities associated with the vendor "DotCMS".

These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.

Data on known vulnerable products is also displayed, based on information from known CPEs; each product links to its respective vulnerability page.

Known Vulnerabilities

| CVE | Shortened Description | Severity | Publish Date | Last Modified |
| --- | --- | --- | --- | --- |
| CVE-2026-8054 | | Not Provided | 2026-05-27 | 2026-05-27 |
| CVE-2023-3042 | In dotCMS, versions mentioned, a flaw in the NormalizationFilter does not strip double slashes (//) from URLs, potentially en... | 6.1 - MEDIUM | 2023-10-17 | 2023-10-25 |
| CVE-2022-45783 | An issue was discovered in dotCMS core 4.x through 22.10.2. An authenticated directory traversal vulnerability in the dotCMS ... | 6.5 - MEDIUM | 2023-02-01 | 2023-02-14 |
| CVE-2022-45782 | An issue was discovered in dotCMS core 5.3.8.5 through 5.3.8.15 and 21.03 through 22.10.1. A cryptographically insecure rando... | 8.8 - HIGH | 2023-02-01 | 2023-08-08 |
| CVE-2022-37431 | ** DISPUTED ** A Reflected Cross-site scripting (XSS) issue was discovered in dotCMS Core through 22.06. This occurs in the a... | 6.1 - MEDIUM | 2022-08-05 | 2023-11-07 |
| CVE-2022-37034 | In dotCMS 5.x-22.06, it is possible to call the TempResource multiple times, each time requesting the dotCMS server to downlo... | 5.3 - MEDIUM | 2023-02-01 | 2023-02-09 |
| CVE-2022-37033 | In dotCMS 5.x-22.06, TempFileAPI allows a user to create a temporary file based on a passed in URL, while attempting to block... | 6.5 - MEDIUM | 2023-02-01 | 2023-02-09 |
| CVE-2022-35740 | dotCMS before 22.06 allows remote attackers to bypass intended access control and obtain sensitive information by using a sem... | 6.1 - MEDIUM | 2022-11-10 | 2022-11-15 |
| CVE-2022-26352 | An issue was discovered in the ContentResource API in dotCMS 3.0 through 22.02. Attackers can craft a multipart form request ... | 9.8 - CRITICAL | 2022-07-17 | 2023-08-08 |
| CVE-2021-35361 | A reflected cross site scripting (XSS) vulnerability in dotAdmin/#/c/links of dotCMS 21.05.1 allows attackers to execute arbi... | 4.8 - MEDIUM | 2021-07-09 | 2021-07-13 |
| CVE-2021-35360 | A reflected cross site scripting (XSS) vulnerability in dotAdmin/#/c/containers of dotCMS 21.05.1 allows attackers to execute... | 4.8 - MEDIUM | 2021-07-09 | 2021-07-13 |
| CVE-2021-35358 | A stored cross site scripting (XSS) vulnerability in dotAdmin/#/c/c_Images of dotCMS 21.05.1 allows authenticated attackers t... | 4.8 - MEDIUM | 2021-07-09 | 2021-07-13 |
| CVE-2020-35274 | DotCMS Add Template with admin panel 20.11 is affected by cross-site Scripting (XSS) to gain remote privileges. An attacker c... | 4.8 - MEDIUM | 2020-12-21 | 2020-12-21 |
| CVE-2020-27848 | dotCMS before 20.10.1 allows SQL injection, as demonstrated by the /api/v1/containers orderby parameter. The PaginatorOrdered... | 8.8 - HIGH | 2020-12-30 | 2021-01-04 |
| CVE-2020-19138 | Unrestricted Upload of File with Dangerous Type in DotCMS v5.2.3 and earlier allow remote attackers to execute arbitrary code... | 9.8 - CRITICAL | 2021-09-08 | 2021-09-15 |
| CVE-2020-18875 | Incorrect Access Control in DotCMS versions before 5.1 allows remote attackers to gain privileges by injecting client configu... | 8.8 - HIGH | 2021-08-18 | 2022-10-26 |
| CVE-2020-17542 | Cross Site Scripting (XSS) in dotCMS v5.1.5 allows remote attackers to execute arbitrary code by injecting a malicious payloa... | 5.4 - MEDIUM | 2021-04-23 | 2021-04-30 |
| CVE-2020-6754 | dotCMS before 5.2.4 is vulnerable to directory traversal, leading to incorrect access control. It allows an attacker to read ... | 9.8 - CRITICAL | 2020-02-05 | 2020-02-07 |
| CVE-2019-12872 | dotCMS before 5.1.6 is vulnerable to a SQL injection that can be exploited by an attacker of the role Publisher via view_unpu... | 7.2 - HIGH | 2019-06-18 | 2019-06-18 |
| CVE-2019-12309 | dotCMS before 5.1.0 has a path traversal vulnerability exploitable by an administrator to create files. The vulnerability is ... | 4.9 - MEDIUM | 2019-05-23 | 2019-05-24 |

Known software with vulnerabilities from DotCMS

| Type | Vendor | Product | Version |
| --- | --- | --- | --- |
| Application | Dotcms | Dotcms | 1.9 |

© CVE.report 2026