CVE-2024-3938

The "reset password" login page accepted an HTML injection via URL parameters. This has already been rectified via patch, and as such it cannot be demonstrated via Demo site link. Those interested to see the vulnerability may spin up a http://localhost:8082/dotAdmin/#/public/login?resetEmailSent=true&resetEmail=%3Ch1%3E%3Ca%20href%3D%22https:%2F%2Fgoogle.com%22%3ECLICK%20ME%3C%2Fa%3E%3C%2Fh1%3E This will result in a view along these lines: * OWASP Top 10 - A03: Injection * CVSS Score: 5.4 * AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator * https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N&... https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator

CVSS v3.0 6.1 MEDIUM

6.1^/10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://www.dotcms.com/security/SI-71	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:dotcms:dotcms:23.10.24:2:::lts:::*
	cpe:2.3:a:dotcms:dotcms:23.10.24:3:::lts:::*
	cpe:2.3:a:dotcms:dotcms:23.10.24:4:::lts:::*
	cpe:2.3:a:dotcms:dotcms:23.10.24:5:::lts:::*
	cpe:2.3:a:dotcms:dotcms:23.10.24:6:::lts:::*
	cpe:2.3:a:dotcms:dotcms:23.10.24:7:::lts:::*
	cpe:2.3:a:dotcms:dotcms:23.10.24:8:::lts:::*
	cpe:2.3:a:dotcms:dotcms:23.10.24:9:::lts:::*
	cpe:2.3:a:dotcms:dotcms:23.10.24:10:::lts:::*
	cpe:2.3:a:dotcms:dotcms:23.10.24:1:::lts:::*
	cpe:2.3:a:dotcms:dotcms:23.10.24.0::::lts:::
	cpe:2.3:a:dotcms:dotcms::::::::
	cpe:2.3:a:dotcms:dotcms::::::::
	cpe:2.3:a:dotcms:dotcms:24.04.24:0:::lts:::*
	cpe:2.3:a:dotcms:dotcms:24.04.24:1:::lts:::*
	cpe:2.3:a:dotcms:dotcms:24.04.24:2:::lts:::*
	cpe:2.3:a:dotcms:dotcms:24.04.24:3:::lts:::*
	cpe:2.3:a:dotcms:dotcms:24.04.24:-::::::
	cpe:2.3:a:dotcms:dotcms::::::::
	cpe:2.3:a:dotcms:dotcms::::::::

History

13 Aug 2024, 14:09

Type	Values Removed	Values Added
References	~~() https://www.dotcms.com/security/SI-71 -~~	() https://www.dotcms.com/security/SI-71 - Vendor Advisory
First Time		Dotcms Dotcms dotcms
CPE		cpe:2.3:a:dotcms:dotcms:23.10.24:7:::lts:::* cpe:2.3:a:dotcms:dotcms:23.10.24:1:::lts:::* cpe:2.3:a:dotcms:dotcms:23.10.24:2:::lts:::* cpe:2.3:a:dotcms:dotcms:24.04.24:0:::lts:::* cpe:2.3:a:dotcms:dotcms:::::::: cpe:2.3:a:dotcms:dotcms:24.04.24:2:::lts:::* cpe:2.3:a:dotcms:dotcms:23.10.24:10:::lts:::* cpe:2.3:a:dotcms:dotcms:24.04.24:3:::lts:::* cpe:2.3:a:dotcms:dotcms:23.10.24:4:::lts:::* cpe:2.3:a:dotcms:dotcms:24.04.24:-:::::: cpe:2.3:a:dotcms:dotcms:23.10.24:9:::lts:::* cpe:2.3:a:dotcms:dotcms:23.10.24:5:::lts:::* cpe:2.3:a:dotcms:dotcms:23.10.24:3:::lts:::* cpe:2.3:a:dotcms:dotcms:23.10.24.0::::lts::: cpe:2.3:a:dotcms:dotcms:23.10.24:6:::lts:::* cpe:2.3:a:dotcms:dotcms:23.10.24:8:::lts:::* cpe:2.3:a:dotcms:dotcms:24.04.24:1:::lts:::*
CWE		CWE-79
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 6.1

26 Jul 2024, 14:15

Type	Values Removed	Values Added
References	~~{'url': 'https://auth.dotcms.com/security/SI-71', 'name': 'https://auth.dotcms.com/security/SI-71', 'tags': [], 'refsource': ''}~~	() https://www.dotcms.com/security/SI-71 -

25 Jul 2024, 22:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-07-25 22:15

Updated : 2024-08-13 14:09

NVD link : CVE-2024-3938

Mitre link : CVE-2024-3938

JSON object : View

Products Affected

dotcms

dotcms

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

6.1 /10