Description
dotCMS 1.9 before 1.9.5.1 allows remote authenticated users to execute arbitrary Java code via a crafted (1) XSLT or (2) Velocity template.
Remediation
References
Related Vulnerabilities
Joomla! Core 1.5.x Information Disclosure (1.5.0 - 1.5.14)
Oracle Database Server CVE-2008-0348 Vulnerability (CVE-2008-0348)
WordPress Plugin Anti-Malware Security and Brute-Force Firewall Cross-Site Scripting (4.15.22)
WordPress Plugin NEX-Forms-Ultimate Form builder Multiple SQL Injection Vulnerabilities (4.0)
WordPress Plugin Job Board by BestWebSoft Cross-Site Scripting (1.1.3)