CVE-2012-1826

dotCMS 1.9 before 1.9.5.1 allows remote authenticated users to execute arbitrary Java code via a crafted (1) XSLT or (2) Velocity template.

🔗 References (16)

• cret@certhttp://dotcms.com/dotCMSVersions/
• cret@certhttp://osvdb.org/82240
• cret@certhttp://secunia.com/advisories/49276
• cret@certhttp://www.kb.cert.org/vuls/id/898083
• cret@certhttp://www.securityfocus.com/bid/53688
• cret@certhttps://gist.github.com/2627440
• cret@certhttps://github.com/dotCMS/dotCMS/issues/261
• cret@certhttps://github.com/dotCMS/dotCMS/issues/281
• af854a3a-2127-422b-91ae-364da2661108http://dotcms.com/dotCMSVersions/
• af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/82240
• af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/49276
• af854a3a-2127-422b-91ae-364da2661108http://www.kb.cert.org/vuls/id/898083
• af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/53688
• af854a3a-2127-422b-91ae-364da2661108https://gist.github.com/2627440
• af854a3a-2127-422b-91ae-364da2661108https://github.com/dotCMS/dotCMS/issues/261