dotcms security advisories
3 threat alerts tracking vulnerabilities and security advisories that affect dotcms products.
Vulnios monitors dotcms CVE feeds, vendor advisories, CISA KEV listings, and exploit-prediction data continuously. Each alert below is enriched with severity, exploitation status, affected products, and a remediation path. Use this page to scan recent dotcms security news in one place, or click into an individual alert for full detail.
Critical Vulnerability: CVE-2016-2355 — dotcms — dotcms
SQL injection vulnerability in the REST API in dotCMS before 3.3.2 allows remote attackers to execute arbitrary SQL commands via the stName parameter to api/content/save/1.
critical CVE-2016-2355
Critical Vulnerability: CVE-2016-8902 — dotcms — dotcms
SQL injection vulnerability in the categoriesServlet servlet in dotCMS before 3.3.1 allows remote unauthenticated attackers to execute arbitrary SQL commands via the sort parameter.
critical CVE-2016-8902
Critical Vulnerability: CVE-2017-5344 — dotcms — dotcms
An issue was discovered in dotCMS through 3.6.1. The findChildrenByFilter() function which is called by the web accessible path /categoriesServlet performs string interpolation and direct SQL query ex
critical CVE-2017-5344