exploitDog

CVE-2014-0335

Опубликовано: 06 мар. 2014

Источник: nvd

CVSS2: 4.3

EPSS Низкий

Описание

Multiple cross-site scripting (XSS) vulnerabilities in the web client in Serena Dimensions CM 12.2 build 7.199.0 allow remote attackers to inject arbitrary web script or HTML via the (1) DB_CONN, (2) DB_NAME, (3) DM_HOST, (4) MAN_DB_NAME, (5) framecmd, (6) identifier, (7) merant.adm.adapters.AdmDialogPropertyMgr, (8) nav_frame, (9) nav_jsp, (10) target_frame, (11) id, or (12) type parameter to the dimensions/ URI.

Ссылки

http://www.kb.cert.org/vuls/id/823452
US Government Resource
http://www.kb.cert.org/vuls/id/823452
US Government Resource

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:serena:dimensions_cm:12.2:build7.199.0:*:*:*:*:*:*

EPSS

Процентиль: 72%

0.00708

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-68f8-vc6x-9538

github

больше 3 лет назад

Multiple cross-site scripting (XSS) vulnerabilities in the web client in Serena Dimensions CM 12.2 build 7.199.0 allow remote attackers to inject arbitrary web script or HTML via the (1) DB_CONN, (2) DB_NAME, (3) DM_HOST, (4) MAN_DB_NAME, (5) framecmd, (6) identifier, (7) merant.adm.adapters.AdmDialogPropertyMgr, (8) nav_frame, (9) nav_jsp, (10) target_frame, (11) id, or (12) type parameter to the dimensions/ URI.

EPSS

Процентиль: 72%

0.00708

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-79