Lucene search
K

CVE-2024-3938

🗓️ 25 Jul 2024 21:17:49Reported by dotCMSType 
cve
 cve
🔗 web.nvd.nist.gov👁 49 Views🌐 WEB

The "reset password" page allowed HTML injection via URL parameter

Related
Detection
Affected
Refs
Paths
ReporterTitlePublishedViews
Family
Circl
CVE-2024-3938
26 Jul 202401:16
circl
CNNVD
DotCMS 安全漏洞
25 Jul 202400:00
cnnvd
Cvelist
CVE-2024-3938
25 Jul 202421:17
cvelist
EUVD
EUVD-2024-32505
3 Oct 202520:07
euvd
NVD
CVE-2024-3938
25 Jul 202422:15
nvd
Positive Technologies
PT-2024-28478 · Dotadmin · Dotadmin
25 Jul 202400:00
ptsecurity
RedhatCVE
CVE-2024-3938
23 May 202509:25
redhatcve
Vulnrichment
CVE-2024-3938
25 Jul 202421:17
vulnrichment
NVD
Node
dotcmsdotcmsRange5.1.523.01.18
OR
dotcmsdotcmsRange23.0223.09.7
OR
dotcmsdotcmsRange23.12.2124.04.23
OR
dotcmsdotcmsRange24.05.1324.05.31
OR
dotcmsdotcmsMatch23.10.241lts
OR
dotcmsdotcmsMatch23.10.2410lts
OR
dotcmsdotcmsMatch23.10.242lts
OR
dotcmsdotcmsMatch23.10.243lts
OR
dotcmsdotcmsMatch23.10.244lts
OR
dotcmsdotcmsMatch23.10.245lts
OR
dotcmsdotcmsMatch23.10.246lts
OR
dotcmsdotcmsMatch23.10.247lts
OR
dotcmsdotcmsMatch23.10.248lts
OR
dotcmsdotcmsMatch23.10.249lts
OR
dotcmsdotcmsMatch23.10.24.0lts
OR
dotcmsdotcmsMatch24.04.24-
OR
dotcmsdotcmsMatch24.04.240lts
OR
dotcmsdotcmsMatch24.04.241lts
OR
dotcmsdotcmsMatch24.04.242lts
OR
dotcmsdotcmsMatch24.04.243lts
[
  {
    "defaultStatus": "unaffected",
    "product": "dotCMS core",
    "vendor": "dotCMS",
    "versions": [
      {
        "status": "affected",
        "version": "5.1.5 and after"
      }
    ]
  }
]
ParameterPositionPathDescriptionCWE
resetEmailquery paramdotAdmin/#/public/login?resetEmailSent=true&resetEmail=%3Ch1%3E%3Ca%20href%3D%22https:%2F%2Fgoogle.com%22%3ECLICK%20ME%3C%2Fa%3E%3C%2Fh1%3EHTML injection via URL parameter on the reset password login page (demonstrated through resetEmail parameter).CWE-79CWE-20
resetEmailSentquery paramdotAdmin/#/public/login?resetEmailSent=true&resetEmail=%3Ch1%3E%3Ca%20href%3D%22https:%2F%2Fgoogle.com%22%3ECLICK%20ME%3C%2Fa%3E%3C%2Fh1%3EHTML injection via URL parameter on the reset password login page (demonstrated through resetEmail parameter).CWE-79CWE-20

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

17 Jun 2026 07:45Current
6.8Medium risk
Vulners AI Score6.8
CVSS 3.15.4 - 6.1
EPSS0.00239
SSVC
49