RSS   Vulnerabilities for 'Doracms'   RSS

2023-12-08
 
CVE-2023-49443

CWE-307
 

 
DoraCMS v2.1.8 was discovered to re-use the same code for verification of valid usernames and passwords. This vulnerability allows attackers to gain access to the application via a bruteforce attack.

 
 
CVE-2023-49444

CWE-79
 

 
An arbitrary file upload vulnerability in DoraCMS v2.1.8 allow attackers to execute arbitrary code via uploading a crafted HTML or image file to the user avatar.

 
2022-03-20
 
CVE-2022-25464

CWE-79
 

 
A stored cross-site scripting (XSS) vulnerability in the component /admin/contenttemp of DoraCMS v2.1.8 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.

 
2021-05-20
 
CVE-2020-18220

CWE-326
 

 
Weak Encoding for Password in DoraCMS v2.1.1 and earlier allows attackers to obtain sensitive information as it does not use a random salt or IV for its AES-CBC encryption, causes password encrypted for users to be susceptible to dictionary attacks.

 
2018-09-06
 
CVE-2018-16622

CWE-79
 

 
Multiple cross-site scripting (XSS) vulnerabilities in /api/content/addOne in DoraCMS v2.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) discription or (2) comments field, related to users/userAddContent.

 


Copyright 2024, cxsecurity.com

 

Back to Top