Dotcms Security Issues
http://dotcms.com/security/
RSS Feed for Security Issues in Dotcms

Blind SQL injection | http://dotcms.com/security/SI-39 | Tue, 17 Jan 2017 11:30:00 -0500
Captcha can be programmatically reused by passing session id | http://dotcms.com/security/SI-38 | Tue, 1 Nov 2016 00:00:00 -0400
Insufficient authentication in the CMSMaintenanceAjax class | http://dotcms.com/security/SI-37 | Wed, 27 Jul 2016 13:15:00 -0400
SQL Injection from Workflow Screen III | http://dotcms.com/security/SI-36 | Tue, 12 Apr 2016 11:15:00 -0400
SQL Injection via REST api | http://dotcms.com/security/SI-35 | Tue, 12 Apr 2016 09:00:00 -0400
Directory traversal vulnerability by Admin | http://dotcms.com/security/SI-34 | Mon, 11 Apr 2016 15:30:00 -0400
XSS in Lucene Search Admin tool | http://dotcms.com/security/SI-33 | Mon, 11 Apr 2016 14:30:00 -0400
SQL Injection via DWR - Requires Authenticated User | http://dotcms.com/security/SI-32 | Mon, 4 Apr 2016 15:30:00 -0400
CSRF Add User | http://dotcms.com/security/SI-31 | Mon, 30 Nov 2015 17:15:00 -0500
SQL Injection from Workflow Screen II | http://dotcms.com/security/SI-30 | Mon, 30 Nov 2015 15:00:00 -0500
SSRF Vulnerability in RESTful ContentAPI | http://dotcms.com/security/SI-29 | Mon, 30 Nov 2015 15:00:00 -0500
jsps exposed to non-authenticated users | http://dotcms.com/security/SI-28 | Wed, 24 Sep 2014 00:00:00 -0400
XSS on "page not found .jsp" | http://dotcms.com/security/SI-27 | Tue, 23 Sep 2014 12:00:00 -0400
CRLF Header Injection vulnerability | http://dotcms.com/security/SI-26 | Thu, 17 Jul 2014 15:00:00 -0400
Password fields with enabled autocomplete | http://dotcms.com/security/SI-25 | Mon, 21 Apr 2014 15:00:00 -0400
Missing Cookie Security Attribute “httpOnly” | http://dotcms.com/security/SI-24 | Mon, 21 Apr 2014 15:00:00 -0400
HTTP header injection | http://dotcms.com/security/SI-23 | Mon, 21 Apr 2014 11:30:00 -0400
Arbitrary URL redirects | http://dotcms.com/security/SI-22 | Mon, 21 Apr 2014 11:15:00 -0400
Information disclosure through unauthenticated and unused scripts | http://dotcms.com/security/SI-21 | Mon, 21 Apr 2014 11:00:00 -0400
Vulnerabilities in “Comments” feature | http://dotcms.com/security/SI-20 | Mon, 21 Apr 2014 10:45:00 -0400
Cross Site Scripting filter bypass | http://dotcms.com/security/SI-19 | Mon, 21 Apr 2014 10:15:00 -0400
Arbitrary Command Execution | http://dotcms.com/security/SI-18 | Mon, 21 Apr 2014 10:00:00 -0400
Forgot Password generates weak password | http://dotcms.com/security/SI-17 | Mon, 21 Apr 2014 08:45:00 -0400
XSS possible in admin tool as authenticated user | http://dotcms.com/security/SI-16 | Wed, 3 Jul 2013 07:45:00 -0400
AJAX requests without a session ID or other form of authentication | http://dotcms.com/security/SI-15 | Tue, 18 Jun 2013 14:00:00 -0400
XSS Vulnerability on Login Page | http://dotcms.com/security/SI-14 | Tue, 18 Jun 2013 10:30:00 -0400
Cross Site Request Forgery (XSRF or CSRF) | http://dotcms.com/security/SI-13 | Mon, 10 Jun 2013 11:30:00 -0400
Possible Clickjacking / no frame busting code in dotCMS admin | http://dotcms.com/security/SI-12 | Sat, 8 Jun 2013 12:00:00 -0400
Test pages shipped in product | http://dotcms.com/security/SI-11 | Fri, 7 Jun 2013 16:00:00 -0400
Insecure Browser Caching | http://dotcms.com/security/SI-10 | Fri, 7 Jun 2013 15:00:00 -0400
Use of Persistent Cookies | http://dotcms.com/security/SI-9 | Wed, 5 Jun 2013 12:15:00 -0400
SQL Injection from Workflow Screen | http://dotcms.com/security/SI-8 | Wed, 5 Jun 2013 10:45:00 -0400
Possible Cross Site Redirect | http://dotcms.com/security/SI-7 | Tue, 4 Jun 2013 13:45:00 -0400
Cross Domain Scripts Included Within Application | http://dotcms.com/security/SI-6 | Tue, 4 Jun 2013 11:45:00 -0400
XSS possible after admin authentication | http://dotcms.com/security/SI-5 | Sun, 2 Jun 2013 12:00:00 -0400
XSS error on the account login page | http://dotcms.com/security/SI-4 | Mon, 10 Sep 2012 00:00:00 -0400
dotCMS template permissions allow arbitrary code execution | http://dotcms.com/security/SI-3 | Fri, 13 Apr 2012 00:00:00 -0400
Cookies do not require SSL | http://dotcms.com/security/SI-2 | Mon, 6 Jun 2011 11:45:00 -0400
Problem with XSS attack on 404 page | http://dotcms.com/security/SI-1 | Mon, 7 Feb 2011 00:00:00 -0500