{"id":"CVE-2019-11846","details":"/servlets/ajax_file_upload?fieldName=binary3 in dotCMS 5.1.1 allows XSS and HTML Injection.","modified":"2026-04-10T04:11:56.852260Z","published":"2019-05-14T18:29:00.407Z","references":[{"type":"EVIDENCE","url":"http://packetstormsecurity.com/files/152788/dotCMS-5.1.1-HTML-Injection.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/dotcms/core","events":[{"introduced":"0"},{"last_affected":"f29c13b2778b1e7aef004b301452de3cdd613e26"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"5.1.1"}]}}],"versions":["3.0","3.5","3.5_Preview01","3.5_Preview02","3.6.0","5.1.0","5.1.1","pre3.5buildrevert"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-11846.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}