Browse all 3 CVE security advisories affecting docCMS. AI-powered Chinese analysis, POCs, and references for each vulnerability.
docCMS is a content management system designed for creating and managing digital documentation. Historically, it has been susceptible to remote code execution, cross-site scripting, and privilege escalation vulnerabilities, often stemming from insufficient input validation and access control flaws. The platform has accumulated three CVEs to date, with notable incidents including authenticated RCE through improper file handling and stored XSS vulnerabilities in comment functionality. Security assessments reveal inconsistent sanitization practices and inadequate session management, which have contributed to its vulnerability profile. Organizations implementing docCMS should prioritize timely patching and harden configurations against common web attack vectors.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2017-3187 | The dotCMS administration panel, versions 3.7.1 and earlier, are vulnerable to cross-site request forgery — Administration Panel, CWE-352 | 8.8 | - | 2018-07-24 |
| CVE-2017-3188 | The dotCMS administration panel, versions 3.7.1 and earlier, "Push Publishing" feature in Enterprise Pro is vulnerable to path traversal — Administration Panel, CWE-22 | 7.5 | - | 2018-07-24 |
| CVE-2017-3189 | The dotCMS administration panel, versions 3.7.1 and earlier, "Push Publishing" feature in Enterprise Pro is vulnerable to arbitrary file upload — Administration Panel, CWE-434 | 8.1 | - | 2018-07-24 |
This page lists every published CVE security advisory associated with docCMS. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.