Lucene search

CVE-2013-3484

🗓️ 02 Apr 2014 16:06:17Reported by flexeraType

cve🔗 web.nvd.nist.gov👁 22 Views🌐 WEB

Multiple XSS vulnerabilities in dotCMS before 2.3.2 allow remote attackers to inject arbitrary web script or HTML

Reporter	Title	Published	Views	Family All 4
Prion	Cross site scripting	2 Apr 201416:17	–	prion
NVD	CVE-2013-3484	2 Apr 201416:17	–	nvd
Cvelist	CVE-2013-3484	2 Apr 201415:00	–	cvelist
OpenVAS	DotCMS Multiple Login Page Cross Site Scripting Vulnerabilities	13 May 201400:00	–	openvas

Nvd

Node

dotcms dotcmsRange≤2.3.1

dotcms dotcmsMatch1.9.5.1

dotcms dotcmsMatch2.0

dotcms dotcmsMatch2.0.1

dotcms dotcmsMatch2.1

dotcms dotcmsMatch2.1.1

dotcms dotcmsMatch2.2

dotcms dotcmsMatch2.2.1

dotcms dotcmsMatch2.3

Source	Link
github	www.github.com/dotCMS/dotCMS/issues/2949
dotcms	www.dotcms.com/security/SI-14
secunia	www.secunia.com/advisories/53265

Parameter	Position	Path	Description	CWE
_loginUserName	query param	/application/login/login.html	Cross-site scripting vulnerability allowing arbitrary web script or HTML injection.	CWE-79
my_account_login	query param	/c/portal_public/login	Cross-site scripting vulnerability allowing arbitrary web script or HTML injection.	CWE-79
email	query param	/forgotPassword	Cross-site scripting vulnerability allowing arbitrary web script or HTML injection.	CWE-79

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

02 Apr 2014 16:17Current

5.9Medium risk

Vulners AI Score5.9

CVSS24.3

EPSS0.00249

CWE-79