Remote Code Execution vulnerability in PbootCMS 2.0.8 in the message board.

Crossi Site Scripting (XSS) vulnerability in PbootCMS 2.0.3 in admin.php.

Pbootcms v2.0.3 is vulnerable to Cross Site Scripting (XSS) via admin.php.

Cross Site Scripting (XSS) in dotCMS v5.1.5 allows remote attackers to execute arbitrary code by injecting a malicious payload into the "Task Detail" comment window of the "/dotAdmin/#/c/workflow" component.

PbootCMS 3.0.4 contains a SQL injection vulnerability through index.php via the search parameter that can reveal sensitive information through adding an admin account.

dotCMS before 20.10.1 allows SQL injection, as demonstrated by the /api/v1/containers orderby parameter. The PaginatorOrdered classes that are used to paginate results of a REST endpoints do not sanitize the orderBy parameter and in some cases it is vulnerable to SQL injection attacks. A user must be an authenticated manager in the dotCMS system to exploit this vulnerability.

DotCMS Add Template with admin panel 20.11 is affected by cross-site Scripting (XSS) to gain remote privileges. An attacker could compromise the security of a website or web application through a stored XSS attack and stealing cookies using XSS.

Cross-site request forgery (CSRF) in PbootCMS 1.3.2 allows attackers to change the password of a user.

An issue was discovered in PbootCMS. There is a SQL injection via the api.php/List/index order parameter.

An issue was discovered in PbootCMS. There is a SQL injection via the api.php/Cms/search order parameter.