CVE-2012-1826
Published: Jun 8, 2012
Modified: Aug 6, 2024
PUBLISHED
Description
dotCMS 1.9 before 1.9.5.1 allows remote authenticated users to execute arbitrary Java code via a crafted (1) XSLT or (2) Velocity template.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
| Reference | Tags |
|---|---|
| 53688 | vdb-entry, x_refsource_BID |
| http://dotcms.com/dotCMSVersions/ | x_refsource_CONFIRM |
| VU#898083 | third-party-advisory, x_refsource_CERT-VN |
| https://github.com/dotCMS/dotCMS/issues/281 | x_refsource_CONFIRM |
| https://github.com/dotCMS/dotCMS/issues/261 | x_refsource_CONFIRM |
| 82240 | vdb-entry, x_refsource_OSVDB |
| 49276 | third-party-advisory, x_refsource_SECUNIA |
| https://gist.github.com/2627440 | x_refsource_CONFIRM |