CVE-2012-1826

Published: Jun 8, 2012Modified: Apr 29, 2026

6.0

Vector

AV:N/AC:M/Au:S/C:P/I:P/A:P

Exploitability: 6.8 / Impact: 6.4

Source: NVD

Description

dotCMS 1.9 before 1.9.5.1 allows remote authenticated users to execute arbitrary Java code via a crafted (1) XSLT or (2) Velocity template.

Affected (2)

Products: Dotcms: Dotcms

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Dotcms Dotcms	Version 1.9.2.1
Dotcms Dotcms	Version 1.9

Related CWEs

References (16)

http://dotcms.com/dotCMSVersions/

Source: cret@cert.org

http://osvdb.org/82240

Source: cret@cert.org

http://secunia.com/advisories/49276

Source: cret@cert.org

http://www.kb.cert.org/vuls/id/898083

Source: cret@cert.org

US Government Resource

http://www.securityfocus.com/bid/53688

Source: cret@cert.org

https://gist.github.com/2627440

Source: cret@cert.org

https://github.com/dotCMS/dotCMS/issues/261

Source: cret@cert.org

https://github.com/dotCMS/dotCMS/issues/281

Source: cret@cert.org

http://dotcms.com/dotCMSVersions/

Source: af854a3a-2127-422b-91ae-364da2661108

http://osvdb.org/82240

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/49276

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.kb.cert.org/vuls/id/898083

Source: af854a3a-2127-422b-91ae-364da2661108

US Government Resource

http://www.securityfocus.com/bid/53688

Source: af854a3a-2127-422b-91ae-364da2661108

https://gist.github.com/2627440

Source: af854a3a-2127-422b-91ae-364da2661108

https://github.com/dotCMS/dotCMS/issues/261

Source: af854a3a-2127-422b-91ae-364da2661108

https://github.com/dotCMS/dotCMS/issues/281

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.