FKIE_CVE-2024-3938

Vulnerability from fkie_nvd - Published: 2024-07-25 22:15 - Updated: 2024-11-21 09:30
Summary
The "reset password" login page accepted an HTML injection via URL parameters.

This has already been rectified via patch, and as such it cannot be demonstrated via Demo site link. Those interested to see the vulnerability may spin up a http://localhost:8082/dotAdmin/#/public/login?resetEmailSent=true&resetEmail=%3Ch1%3E%3Ca%20href%3D%22https:%2F%2Fgoogle.com%22%3ECLICK%20ME%3C%2Fa%3E%3C%2Fh1%3E

This will result in a view along these lines:

  * OWASP Top 10 - A03: Injection
  * CVSS Score: 5.4
  * AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator
  * https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N&... https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator

Impacted products
Vendor Product Version
dotcms dotcms *
dotcms dotcms *
dotcms dotcms *
dotcms dotcms *
dotcms dotcms 23.10.24
dotcms dotcms 23.10.24
dotcms dotcms 23.10.24
dotcms dotcms 23.10.24
dotcms dotcms 23.10.24
dotcms dotcms 23.10.24
dotcms dotcms 23.10.24
dotcms dotcms 23.10.24
dotcms dotcms 23.10.24
dotcms dotcms 23.10.24
dotcms dotcms 23.10.24.0
dotcms dotcms 24.04.24
dotcms dotcms 24.04.24
dotcms dotcms 24.04.24
dotcms dotcms 24.04.24
dotcms dotcms 24.04.24

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:dotcms:dotcms:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D8CDD8C-0F92-4218-ACDB-C3E691F928AF",
              "versionEndExcluding": "23.01.18",
              "versionStartIncluding": "5.1.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dotcms:dotcms:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E85B4224-34E8-47CD-8F08-8B129868AF1F",
              "versionEndIncluding": "23.09.7",
              "versionStartIncluding": "23.02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dotcms:dotcms:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A6601A2-B008-44C9-A7C4-1DB2D613BD14",
              "versionEndIncluding": "24.04.23",
              "versionStartIncluding": "23.12.21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dotcms:dotcms:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "379748A4-D76F-4402-9A4F-E509C6735285",
              "versionEndExcluding": "24.05.31",
              "versionStartIncluding": "24.05.13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dotcms:dotcms:23.10.24:1:*:*:lts:*:*:*",
              "matchCriteriaId": "33DBCA2A-D4E2-4AE6-B6E0-FD0A277266F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dotcms:dotcms:23.10.24:10:*:*:lts:*:*:*",
              "matchCriteriaId": "DECC3919-5044-41AF-9AAA-A964027F51C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dotcms:dotcms:23.10.24:2:*:*:lts:*:*:*",
              "matchCriteriaId": "342C11DD-7760-42AE-8670-4461ECB51E4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dotcms:dotcms:23.10.24:3:*:*:lts:*:*:*",
              "matchCriteriaId": "90B73A81-7202-4B0B-822B-4F2EE4480663",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dotcms:dotcms:23.10.24:4:*:*:lts:*:*:*",
              "matchCriteriaId": "0BFA7220-B846-451B-A7B2-C3DC87767575",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dotcms:dotcms:23.10.24:5:*:*:lts:*:*:*",
              "matchCriteriaId": "258813CA-66A7-4DCA-883D-884FB88430DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dotcms:dotcms:23.10.24:6:*:*:lts:*:*:*",
              "matchCriteriaId": "E69C8B72-A38C-4D97-83BB-DCE392D3ABD0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dotcms:dotcms:23.10.24:7:*:*:lts:*:*:*",
              "matchCriteriaId": "B5309F19-2D65-4E87-87FD-2A0294008FF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dotcms:dotcms:23.10.24:8:*:*:lts:*:*:*",
              "matchCriteriaId": "CBAEE45C-234C-4E5C-86CF-4F71A457D6F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dotcms:dotcms:23.10.24:9:*:*:lts:*:*:*",
              "matchCriteriaId": "FD553D7C-158F-489D-8C4C-8E2E056D52BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dotcms:dotcms:23.10.24.0:*:*:*:lts:*:*:*",
              "matchCriteriaId": "9692C9DB-6111-4EE6-8DE8-1614DF87F365",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dotcms:dotcms:24.04.24:-:*:*:*:*:*:*",
              "matchCriteriaId": "EB1AD7A4-1F60-493C-8BB2-E13F44F3CCD6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dotcms:dotcms:24.04.24:0:*:*:lts:*:*:*",
              "matchCriteriaId": "EE62FB6F-DB41-47B4-B8F7-0B9C887781D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dotcms:dotcms:24.04.24:1:*:*:lts:*:*:*",
              "matchCriteriaId": "395197BB-2613-43BA-9223-195461F993D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dotcms:dotcms:24.04.24:2:*:*:lts:*:*:*",
              "matchCriteriaId": "72350E82-5B73-41A9-B3F1-8CA7BF389897",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dotcms:dotcms:24.04.24:3:*:*:lts:*:*:*",
              "matchCriteriaId": "478A668F-DD76-4C0C-A444-A760C1AA5623",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The \"reset password\" login page accepted an HTML injection via URL parameters.\n\nThis has already been rectified via patch, and as such it cannot be demonstrated via Demo site link. Those interested to see the vulnerability may spin up a  http://localhost:8082/dotAdmin/#/public/login?resetEmailSent=true\u0026resetEmail=%3Ch1%3E%3Ca%20href%3D%22https:%2F%2Fgoogle.com%22%3ECLICK%20ME%3C%2Fa%3E%3C%2Fh1%3E \n\nThis will result in a view along these lines:\n\n\n\n\n\n  *  OWASP Top 10 - A03: Injection\n  *  CVSS Score: 5.4\n  *   AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator \n  *   https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N\u0026... https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator"
    },
    {
      "lang": "es",
      "value": "La p\u00e1gina de inicio de sesi\u00f3n \"reset password\" acept\u00f3 una inyecci\u00f3n de HTML a trav\u00e9s de par\u00e1metros de URL. Esto ya se ha rectificado mediante un parche y, como tal, no se puede demostrar mediante el enlace del sitio de demostraci\u00f3n. Aquellos interesados en ver la vulnerabilidad pueden activar un http://localhost:8082/dotAdmin/#/public/login?resetEmailSent=true\u0026amp;resetEmail=%3Ch1%3E%3Ca%20href%3D%22https:%2F%2Fgoogle.com% 22%3ECLICK%20ME%3C%2Fa%3E%3C%2Fh1%3E Esto dar\u00e1 como resultado una vista similar a estas l\u00edneas: * OWASP Top 10 - A03: Inyecci\u00f3n * Puntuaci\u00f3n CVSS: 5,4 * AV:N/AC:L/PR :N/UI:R/S:U/C:L/I:L/A:N https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator * https://nvd.nist. gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N\u0026amp;... https: //nvd.nist.gov/vuln-metrics/cvss/v3-calculator"
    }
  ],
  "id": "CVE-2024-3938",
  "lastModified": "2024-11-21T09:30:44.540",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.5,
        "source": "security@dotcms.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-07-25T22:15:08.903",
  "references": [
    {
      "source": "security@dotcms.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.dotcms.com/security/SI-71"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.dotcms.com/security/SI-71"
    }
  ],
  "sourceIdentifier": "security@dotcms.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "security@dotcms.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

