Cross Site Scripting vulnerability in DOraCMS v.2.18 and before allows a remote attacker to execute arbitrary code via the markdown0 function in the /app/public/apidoc/oas3/wrap-components/markdown.jsx endpoint.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:HHtml Js Doracms
APPHtml-Js≤ 2.18
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCEXSS
CWE
Related vulnerabilities
CVE-2023-51840CRITICAL9.8PL ✓ten sam produkt
DoraCMS 2.1.8 — użycie zakodowanego na stałe klucza kryptograficznego
CVE-2023-49443CRITICAL9.8PL ✓ten sam produkt
DoraCMS – podatność na atak brute-force przez ponowne użycie kodu weryfikacyjnego
CVE-2022-35147CRITICAL9.8ten sam produkt
DoraCMS v2.18 and earlier allows attackers to bypass login authentication via a crafted HTTP request.
CVE-2020-18220HIGH7.5ten sam produkt
Weak Encoding for Password in DoraCMS v2.1.1 and earlier allows attackers to obtain sensitive information as i...
CVE-2026-3794MEDIUM5.5ten sam produkt
A vulnerability was identified in doramart DoraCMS 3.0.x. This issue affects some unknown processing of the fi...