Vulnerabilities - Acunetix

Vulnerability Name	CVE CWE	CWE	Severity
Dot CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-3938)	CVE-2024-3938 CWE-707	CWE-707	Medium
Dot CMS Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2020-18875)	CVE-2020-18875 CWE-138	CWE-138	High
Dot CMS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2016-2355)	CVE-2016-2355 CWE-138	CWE-138	Critical
Dot CMS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2016-4040)	CVE-2016-4040 CWE-138	CWE-138	High
Dot CMS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2016-8902)	CVE-2016-8902 CWE-138	CWE-138	Critical
Dot CMS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2016-8903)	CVE-2016-8903 CWE-138	CWE-138	High
Dot CMS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2016-8904)	CVE-2016-8904 CWE-138	CWE-138	High
Dot CMS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2016-8905)	CVE-2016-8905 CWE-138	CWE-138	High
Dot CMS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2016-8906)	CVE-2016-8906 CWE-138	CWE-138	High
Dot CMS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2016-8907)	CVE-2016-8907 CWE-138	CWE-138	High
Dot CMS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2016-8908)	CVE-2016-8908 CWE-138	CWE-138	High
Dot CMS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2016-10007)	CVE-2016-10007 CWE-138	CWE-138	High
Dot CMS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2016-10008)	CVE-2016-10008 CWE-138	CWE-138	High
Dot CMS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2017-5344)	CVE-2017-5344 CWE-138	CWE-138	Critical
Dot CMS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2019-12872)	CVE-2019-12872 CWE-138	CWE-138	High
Dot CMS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2020-27848)	CVE-2020-27848 CWE-138	CWE-138	High
Dot CMS Other Vulnerability (CVE-2016-4803)	CVE-2016-4803		High
Dot CMS Other Vulnerability (CVE-2022-26352)	CVE-2022-26352		Critical
Dot CMS Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-1826)	CVE-2012-1826 CWE-264	CWE-264	Medium
Dot CMS Permissions, Privileges, and Access Controls Vulnerability (CVE-2016-8600)	CVE-2016-8600 CWE-264	CWE-264	High
Dot CMS Server-Side Request Forgery (SSRF) Vulnerability (CVE-2022-37033)	CVE-2022-37033 CWE-918	CWE-918	Medium
Dot CMS Uncontrolled Recursion Vulnerability (CVE-2022-37034)	CVE-2022-37034 CWE-674	CWE-674	Medium
DotCMS unrestricted file upload (CVE-2022-26352)	CVE-2022-26352 CWE-434	CWE-434	High
Dot CMS Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2017-3189)	CVE-2017-3189 CWE-434	CWE-434	High
Dot CMS Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2017-11466)	CVE-2017-11466 CWE-434	CWE-434	High
Dot CMS Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2020-19138)	CVE-2020-19138 CWE-434	CWE-434	Critical
Dot CMS URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2018-17422)	CVE-2018-17422 CWE-601	CWE-601	Medium
Dot CMS Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) Vulnerability (CVE-2022-45782)	CVE-2022-45782 CWE-338	CWE-338	High
Dotenv .env file	CWE-538	CWE-538	High
DotNetNuke multiple vulnerabilities	CVE-2012-1030 CWE-79	CWE-79	High
Dragonfly Arbitrary File Read/Write (CVE-2021-33564)	CVE-2021-33564 CWE-20	CWE-20	High
Drupal 7 arbitrary PHP code execution and information disclosure	CVE-2012-4553 CVE-2012-4554 CWE-264	CWE-264	High
Drupal 7PK - Security Features Vulnerability (CVE-2016-3163)	CVE-2016-3163		High
Drupal 7PK - Security Features Vulnerability (CVE-2016-3168)	CVE-2016-3168		Medium
Drupal Backup Migrate directory publicly accessible	CWE-538	CWE-538	High
Drupal configuration file weak file permissions	CWE-16	CWE-16	Medium
Drupal Configuration Vulnerability (CVE-2008-6171)	CVE-2008-6171		Critical
Drupal Core 4.5.x Cross-Site Scripting (4.5.0 - 4.5.1)	CVE-2005-0682 CWE-79	CWE-79	High
Drupal Core 4.5.x Cross-Site Scripting (4.5.0 - 4.5.5)	CVE-2005-3973 CWE-79	CWE-79	High
Drupal Core 4.5.x Cross-Site Scripting (4.5.0 - 4.5.7)	CVE-2006-1226 CWE-79	CWE-79	High
Drupal Core 4.5.x Mail Header Injection (4.5.0 - 4.5.7)	CWE-20	CWE-20	High
Drupal Core 4.5.x Multiple Vulnerabilities (4.5.0 - 4.5.5)	CWE-79 CWE-113	CWE-79 CWE-113	High
Drupal Core 4.5.x Security Bypass (4.5.0 - 4.5.7)	CWE-264	CWE-264	High
Drupal Core 4.5.x Session Fixation (4.5.0 - 4.5.7)	CWE-384	CWE-384	High
Drupal Core 4.6.x Arbitrary Code Execution (4.6.0 - 4.6.6)	CVE-2006-2743 CWE-95	CWE-95	High
Drupal Core 4.6.x Arbitrary Code Execution (4.6.0 - 4.6.7)	CVE-2006-2831 CWE-95	CWE-95	High
Drupal Core 4.6.x Cross-Site Request Forgery (4.6.0 - 4.6.9)	CVE-2006-5476 CWE-352	CWE-352	High
Drupal Core 4.6.x Cross-Site Scripting (4.6.0 - 4.6.3)	CVE-2005-3973 CWE-79	CWE-79	High
Drupal Core 4.6.x Cross-Site Scripting (4.6.0 - 4.6.5)	CVE-2006-1226 CWE-79	CWE-79	High
Drupal Core 4.6.x Cross-Site Scripting (4.6.0 - 4.6.7)	CVE-2006-2833 CWE-79	CWE-79	High
Drupal Core 4.6.x Cross-Site Scripting (4.6.0 - 4.6.8)	CVE-2006-4002 CWE-79	CWE-79	High
Drupal Core 4.6.x Cross-Site Scripting (4.6.0 - 4.6.10)	CVE-2007-0136 CWE-79	CWE-79	High
Drupal Core 4.6.x Denial of Service (4.6.0 - 4.6.10)	CVE-2007-0124 CWE-400	CWE-400	High
Drupal Core 4.6.x Form Action Attribute Injection (4.6.0 - 4.6.9)	CVE-2006-5477 CWE-20	CWE-20	High
Drupal Core 4.6.x Mail Header Injection (4.6.0 - 4.6.5)	CWE-20	CWE-20	High
Drupal Core 4.6.x Multiple Cross-Site Scripting Vulnerabilities (4.6.0 - 4.6.9)	CVE-2006-5475 CWE-79	CWE-79	High
Drupal Core 4.6.x Multiple Vulnerabilities (4.6.0 - 4.6.3)	CWE-79 CWE-113	CWE-79 CWE-113	High
Drupal Core 4.6.x Security Bypass (4.6.0 - 4.6.3)	CVE-2005-3974 CWE-264	CWE-264	High
Drupal Core 4.6.x Security Bypass (4.6.0 - 4.6.5)	CWE-264	CWE-264	High
Drupal Core 4.6.x Session Fixation (4.6.0 - 4.6.5)	CWE-384	CWE-384	High
Drupal Core 4.6.x SQL Injection (4.6.0 - 4.6.6)	CVE-2006-2742 CWE-89	CWE-89	High
Drupal Core 4.7.x Arbitrary Code Execution (4.7.0 - 4.7.5)	CVE-2007-0626 CWE-95	CWE-95	High
Drupal Core 4.7.x Arbitrary Code Execution (4.7.0)	CVE-2006-2743 CWE-95	CWE-95	High
Drupal Core 4.7.x Cross-Site Request Forgery (4.7.0 - 4.7.3)	CVE-2006-5476 CWE-352	CWE-352	High
Drupal Core 4.7.x Cross-Site Request Forgery (4.7.0 - 4.7.10)	CVE-2008-0272 CWE-352	CWE-352	High
Drupal Core 4.7.x Cross-Site Scripting (4.7.0 - 4.7.1)	CVE-2006-2833 CWE-79	CWE-79	High
Drupal Core 4.7.x Cross-Site Scripting (4.7.0 - 4.7.2)	CVE-2006-4002 CWE-79	CWE-79	High
Drupal Core 4.7.x Cross-Site Scripting (4.7.0 - 4.7.4)	CVE-2007-0136 CWE-79	CWE-79	High
Drupal Core 4.7.x Cross-Site Scripting (4.7.0 - 4.7.7)	CVE-2007-5596 CWE-79	CWE-79	High
Drupal Core 4.7.x Cross-Site Scripting (4.7.0 - 4.7.10)	CVE-2008-0274 CWE-79	CWE-79	High
Drupal Core 4.7.x Denial of Service (4.7.0 - 4.7.4)	CVE-2007-0124 CWE-400	CWE-400	High
Drupal Core 4.7.x Form Action Attribute Injection (4.7.0 - 4.7.3)	CVE-2006-5477 CWE-20	CWE-20	High
Drupal Core 4.7.x HTTP Response Splitting (4.7.0 - 4.7.7)	CVE-2007-5595 CWE-113	CWE-113	High
Drupal Core 4.7.x Multiple Cross-Site Scripting Vulnerabilities (4.7.0 - 4.7.3)	CVE-2006-5475 CWE-79	CWE-79	High
Drupal Core 4.7.x Multiple Cross-Site Scripting Vulnerabilities (4.7.0 - 4.7.6)	CVE-2007-4064 CWE-79	CWE-79	High

Dot CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-3938)

CVE-2024-3938

CWE-707

Medium

Dot CMS Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2020-18875)

CVE-2020-18875

CWE-138

High

Dot CMS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2016-2355)

CVE-2016-2355

CWE-138

Critical

Dot CMS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2016-4040)

CVE-2016-4040

CWE-138

High

Dot CMS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2016-8902)

CVE-2016-8902

CWE-138

Critical

Dot CMS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2016-8903)

CVE-2016-8903

CWE-138

High

Dot CMS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2016-8904)

CVE-2016-8904

CWE-138

High

Dot CMS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2016-8905)

CVE-2016-8905

CWE-138

High

Dot CMS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2016-8906)

CVE-2016-8906

CWE-138

High

Dot CMS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2016-8907)

CVE-2016-8907

CWE-138

High

Dot CMS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2016-8908)

CVE-2016-8908

CWE-138

High

Dot CMS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2016-10007)

CVE-2016-10007

CWE-138

High

Dot CMS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2016-10008)

CVE-2016-10008

CWE-138

High

Dot CMS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2017-5344)

CVE-2017-5344

CWE-138

Critical

Dot CMS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2019-12872)

CVE-2019-12872

CWE-138

High

Dot CMS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2020-27848)

CVE-2020-27848

CWE-138

High

Dot CMS Other Vulnerability (CVE-2016-4803)

CVE-2016-4803

High

Dot CMS Other Vulnerability (CVE-2022-26352)

CVE-2022-26352

Critical

Dot CMS Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-1826)

CVE-2012-1826

CWE-264

Medium

Dot CMS Permissions, Privileges, and Access Controls Vulnerability (CVE-2016-8600)

CVE-2016-8600

CWE-264

High

Dot CMS Server-Side Request Forgery (SSRF) Vulnerability (CVE-2022-37033)

CVE-2022-37033

CWE-918

Medium

Dot CMS Uncontrolled Recursion Vulnerability (CVE-2022-37034)

CVE-2022-37034

CWE-674

Medium

DotCMS unrestricted file upload (CVE-2022-26352)

CVE-2022-26352

CWE-434

High

Dot CMS Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2017-3189)

CVE-2017-3189

CWE-434

High

Dot CMS Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2017-11466)

CVE-2017-11466

CWE-434

High

Dot CMS Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2020-19138)

CVE-2020-19138

CWE-434

Critical

Dot CMS URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2018-17422)

CVE-2018-17422

CWE-601

Medium

Dot CMS Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) Vulnerability (CVE-2022-45782)

CVE-2022-45782

CWE-338

High

Dotenv .env file

CWE-538

High

DotNetNuke multiple vulnerabilities

CVE-2012-1030

CWE-79

High

Dragonfly Arbitrary File Read/Write (CVE-2021-33564)

CVE-2021-33564

CWE-20

High

Drupal 7 arbitrary PHP code execution and information disclosure

CVE-2012-4553 CVE-2012-4554

CWE-264

High

Drupal 7PK - Security Features Vulnerability (CVE-2016-3163)

CVE-2016-3163

High

Drupal 7PK - Security Features Vulnerability (CVE-2016-3168)

CVE-2016-3168

Medium

Drupal Backup Migrate directory publicly accessible

CWE-538

High

Drupal configuration file weak file permissions

CWE-16

Medium

Drupal Configuration Vulnerability (CVE-2008-6171)

CVE-2008-6171

Critical

Drupal Core 4.5.x Cross-Site Scripting (4.5.0 - 4.5.1)

CVE-2005-0682

CWE-79

High

Drupal Core 4.5.x Cross-Site Scripting (4.5.0 - 4.5.5)

CVE-2005-3973

CWE-79

High

Drupal Core 4.5.x Cross-Site Scripting (4.5.0 - 4.5.7)

CVE-2006-1226

CWE-79

High

Drupal Core 4.5.x Mail Header Injection (4.5.0 - 4.5.7)

CWE-20

High

Drupal Core 4.5.x Multiple Vulnerabilities (4.5.0 - 4.5.5)

CWE-79 CWE-113

High

Drupal Core 4.5.x Security Bypass (4.5.0 - 4.5.7)

CWE-264

High

Drupal Core 4.5.x Session Fixation (4.5.0 - 4.5.7)

CWE-384

High

Drupal Core 4.6.x Arbitrary Code Execution (4.6.0 - 4.6.6)

CVE-2006-2743

CWE-95

High

Drupal Core 4.6.x Arbitrary Code Execution (4.6.0 - 4.6.7)

CVE-2006-2831

CWE-95

High

Drupal Core 4.6.x Cross-Site Request Forgery (4.6.0 - 4.6.9)

CVE-2006-5476

CWE-352

High

Drupal Core 4.6.x Cross-Site Scripting (4.6.0 - 4.6.3)

CVE-2005-3973

CWE-79

High

Drupal Core 4.6.x Cross-Site Scripting (4.6.0 - 4.6.5)

CVE-2006-1226

CWE-79

High

Drupal Core 4.6.x Cross-Site Scripting (4.6.0 - 4.6.7)

CVE-2006-2833

CWE-79

High

Drupal Core 4.6.x Cross-Site Scripting (4.6.0 - 4.6.8)

CVE-2006-4002

CWE-79

High

Drupal Core 4.6.x Cross-Site Scripting (4.6.0 - 4.6.10)

CVE-2007-0136

CWE-79

High

Drupal Core 4.6.x Denial of Service (4.6.0 - 4.6.10)

CVE-2007-0124

CWE-400

High

Drupal Core 4.6.x Form Action Attribute Injection (4.6.0 - 4.6.9)

CVE-2006-5477

CWE-20

High

Drupal Core 4.6.x Mail Header Injection (4.6.0 - 4.6.5)

CWE-20

High

Drupal Core 4.6.x Multiple Cross-Site Scripting Vulnerabilities (4.6.0 - 4.6.9)

CVE-2006-5475

CWE-79

High

Drupal Core 4.6.x Multiple Vulnerabilities (4.6.0 - 4.6.3)

CWE-79 CWE-113

High

Drupal Core 4.6.x Security Bypass (4.6.0 - 4.6.3)

CVE-2005-3974

CWE-264

High

Drupal Core 4.6.x Security Bypass (4.6.0 - 4.6.5)

CWE-264

High

Drupal Core 4.6.x Session Fixation (4.6.0 - 4.6.5)

CWE-384

High

Drupal Core 4.6.x SQL Injection (4.6.0 - 4.6.6)

CVE-2006-2742

CWE-89

High

Drupal Core 4.7.x Arbitrary Code Execution (4.7.0 - 4.7.5)

CVE-2007-0626

CWE-95

High

Drupal Core 4.7.x Arbitrary Code Execution (4.7.0)

CVE-2006-2743

CWE-95

High

Drupal Core 4.7.x Cross-Site Request Forgery (4.7.0 - 4.7.3)

CVE-2006-5476

CWE-352

High

Drupal Core 4.7.x Cross-Site Request Forgery (4.7.0 - 4.7.10)

CVE-2008-0272

CWE-352

High

Drupal Core 4.7.x Cross-Site Scripting (4.7.0 - 4.7.1)

CVE-2006-2833

CWE-79

High

Drupal Core 4.7.x Cross-Site Scripting (4.7.0 - 4.7.2)

CVE-2006-4002

CWE-79

High

Drupal Core 4.7.x Cross-Site Scripting (4.7.0 - 4.7.4)

CVE-2007-0136

CWE-79

High

Drupal Core 4.7.x Cross-Site Scripting (4.7.0 - 4.7.7)

CVE-2007-5596

CWE-79

High

Drupal Core 4.7.x Cross-Site Scripting (4.7.0 - 4.7.10)

CVE-2008-0274

CWE-79

High

Drupal Core 4.7.x Denial of Service (4.7.0 - 4.7.4)

CVE-2007-0124

CWE-400

High

Drupal Core 4.7.x Form Action Attribute Injection (4.7.0 - 4.7.3)

CVE-2006-5477

CWE-20

High

Drupal Core 4.7.x HTTP Response Splitting (4.7.0 - 4.7.7)

CVE-2007-5595

CWE-113

High

Drupal Core 4.7.x Multiple Cross-Site Scripting Vulnerabilities (4.7.0 - 4.7.3)

CVE-2006-5475

CWE-79

High

Drupal Core 4.7.x Multiple Cross-Site Scripting Vulnerabilities (4.7.0 - 4.7.6)

CVE-2007-4064

CWE-79

High

Standard & Premium

Severity

Vulnerability Categories

Still Have Questions?

Take action and discover your vulnerabilities