Description
dotCMS 1.9 before 1.9.5.1 allows remote authenticated users to execute arbitrary Java code via a crafted (1) XSLT or (2) Velocity template.
Remediation
References
Related Vulnerabilities
Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-1834)
WordPress Plugin NextScripts:Social Networks Auto-Poster Cross-Site Scripting (4.3.23)
WordPress Plugin Wordpress Membership SwiftCloud.io SQL Injection (1.0)
WordPress Plugin WPFront User Role Editor Multiple Cross-Site Scripting Vulnerabilities (2.13)
Atlassian Jira Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2008-6832)