Description
dotCMS 1.9 before 1.9.5.1 allows remote authenticated users to execute arbitrary Java code via a crafted (1) XSLT or (2) Velocity template.
Remediation
References