CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

4 matches found

OSV•added 2016/04/18 3:59 p.m.•5 views

CVE-2016-3971

Cross-site scripting XSS vulnerability in lucenesearch.jsp in dotCMS before 3.5.1 allows remote attackers to inject arbitrary web script or HTML via the query parameter to c/portal/layout...

4.8CVSS5.1AI score

Exploits0References2

NVD•added 2016/04/18 3:59 p.m.•11 views

CVE-2016-3971

Cross-site scripting XSS vulnerability in lucenesearch.jsp in dotCMS before 3.5.1 allows remote attackers to inject arbitrary web script or HTML via the query parameter to c/portal/layout...

4.8CVSS5AI score0.00659EPSS

Exploits1References2

Cvelist•added 2016/04/18 3:0 p.m.•21 views

CVE-2016-3971

Cross-site scripting XSS vulnerability in lucenesearch.jsp in dotCMS before 3.5.1 allows remote attackers to inject arbitrary web script or HTML via the query parameter to c/portal/layout...

5.3AI score0.00659EPSS

Exploits1References2

CVE•added 2016/04/18 3:0 p.m.•43 views

CVE-2016-3971

CVE-2016-3971 describes an XSS vulnerability in dotCMS where a crafted value in the query parameter to c/portal/layout is reflected by lucene_search.jsp. Affected product: dotCMS, versions before 3.5.1. Root cause: cross-site scripting due to improper handling of user-supplied input. Impact: pote...

4.8CVSS5.6AI score0.00659EPSS

Exploits1References2Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by