CVE-2024-3938

Опубликовано: 25 июл. 2024

Источник: nvd

CVSS3: 5.4

CVSS3: 6.1

EPSS Низкий

Описание

The "reset password" login page accepted an HTML injection via URL parameters.

This has already been rectified via patch, and as such it cannot be demonstrated via Demo site link. Those interested to see the vulnerability may spin up a http://localhost:8082/dotAdmin/#/public/login?resetEmailSent=true&resetEmail=%3Ch1%3E%3Ca%20href%3D%22https:%2F%2Fgoogle.com%22%3ECLICK%20ME%3C%2Fa%3E%3C%2Fh1%3E

This will result in a view along these lines:

OWASP Top 10 - A03: Injection
CVSS Score: 5.4
AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator
https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N&... https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator

Ссылки

https://www.dotcms.com/security/SI-71
Vendor Advisory
https://www.dotcms.com/security/SI-71
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:dotcms:dotcms:*:*:*:*:*:*:*:*

Версия от 5.1.5 (включая) до 23.01.18 (исключая)

cpe:2.3:a:dotcms:dotcms:*:*:*:*:*:*:*:*

Версия от 23.02 (включая) до 23.09.7 (включая)

cpe:2.3:a:dotcms:dotcms:*:*:*:*:*:*:*:*

Версия от 23.12.21 (включая) до 24.04.23 (включая)

cpe:2.3:a:dotcms:dotcms:*:*:*:*:*:*:*:*

Версия от 24.05.13 (включая) до 24.05.31 (исключая)

cpe:2.3:a:dotcms:dotcms:23.10.24:1:*:*:lts:*:*:*

cpe:2.3:a:dotcms:dotcms:23.10.24:10:*:*:lts:*:*:*

cpe:2.3:a:dotcms:dotcms:23.10.24:2:*:*:lts:*:*:*

cpe:2.3:a:dotcms:dotcms:23.10.24:3:*:*:lts:*:*:*

cpe:2.3:a:dotcms:dotcms:23.10.24:4:*:*:lts:*:*:*

cpe:2.3:a:dotcms:dotcms:23.10.24:5:*:*:lts:*:*:*

cpe:2.3:a:dotcms:dotcms:23.10.24:6:*:*:lts:*:*:*

cpe:2.3:a:dotcms:dotcms:23.10.24:7:*:*:lts:*:*:*

cpe:2.3:a:dotcms:dotcms:23.10.24:8:*:*:lts:*:*:*

cpe:2.3:a:dotcms:dotcms:23.10.24:9:*:*:lts:*:*:*

cpe:2.3:a:dotcms:dotcms:23.10.24.0:*:*:*:lts:*:*:*

cpe:2.3:a:dotcms:dotcms:24.04.24:-:*:*:*:*:*:*

cpe:2.3:a:dotcms:dotcms:24.04.24:0:*:*:lts:*:*:*

cpe:2.3:a:dotcms:dotcms:24.04.24:1:*:*:lts:*:*:*

cpe:2.3:a:dotcms:dotcms:24.04.24:2:*:*:lts:*:*:*

cpe:2.3:a:dotcms:dotcms:24.04.24:3:*:*:lts:*:*:*

EPSS

Процентиль: 72%

0.00701

Низкий

5.4 Medium

CVSS3

6.1 Medium

CVSS3

Дефекты

CWE-20

CWE-79

Связанные уязвимости

GHSA-whww-hhj9-9f35

CVSS3: 5.4

github

больше 1 года назад

The "reset password" login page accepted an HTML injection via URL parameters. This has already been rectified via patch, and as such it cannot be demonstrated via Demo site link. Those interested to see the vulnerability may spin up a http://localhost:8082/dotAdmin/#/public/login?resetEmailSent=true&resetEmail=%3Ch1%3E%3Ca%20href%3D%22https:%2F%2Fgoogle.com%22%3ECLICK%20ME%3C%2Fa%3E%3C%2Fh1%3E This will result in a view along these lines: * OWASP Top 10 - A03: Injection * CVSS Score: 5.4 * AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator * https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N&... https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator

EPSS

Процентиль: 72%

0.00701

Низкий

5.4 Medium

CVSS3

6.1 Medium

CVSS3

Дефекты

CWE-20

CWE-79