CVE-2023-49443 — CVSS 9.8 (critical): DoraCMS v2.1.8 was discovered to re-use the same code for verification of valid usernames and passwords. This vulnerability allows…
CVE-2024-28715 — CVSS 8.8 (high): Cross Site Scripting vulnerability in DOraCMS v.2.18 and before allows a remote attacker to execute arbitrary code via the markdown0…
CVE-2020-18220 — CVSS 7.5 (high): Weak Encoding for Password in DoraCMS v2.1.1 and earlier allows attackers to obtain sensitive information as it does not use a random salt…
CVE-2026-3794 — CVSS 7.3 (high): A vulnerability was identified in doramart DoraCMS 3.0.x. This issue affects some unknown processing of the file /api/v1/mail/send of the…
CVE-2026-3795 — CVSS 6.3 (medium): A security flaw has been discovered in doramart DoraCMS 3.0.x. Impacted is the function createFileBypath of the file /DoraCMS/server/app/rou…
CVE-2023-49444 — CVSS 5.4 (medium): An arbitrary file upload vulnerability in DoraCMS v2.1.8 allow attackers to execute arbitrary code via uploading a crafted HTML or image…
CVE-2018-16622 — CVSS 5.4 (medium): Multiple cross-site scripting (XSS) vulnerabilities in /api/content/addOne in DoraCMS v2.0.3 allow remote attackers to inject arbitrary web…
CVE-2022-25464 — CVSS 4.8 (medium): A stored cross-site scripting (XSS) vulnerability in the component /admin/contenttemp of DoraCMS v2.1.8 allows attackers to execute…