2 matches found
CVE-2014-0336
The CVE-2014-0336 issue affects Serena Dimensions CM 12.2 Build 7.199.0 web client (and possibly earlier) and is caused by a cross-site request forgery (CSRF) vulnerability in the web client. An attacker can craft a malicious URI to perform actions in an administrator’s session via the user_new_m...
CVE-2014-0335
Serena Dimensions CM 12.2 Build 7.199.0 web client contains multiple cross-site scripting vulnerabilities (CWE-79). Exploitable via unauthenticated vectors in parameters such as DB_CONN, DB_NAME, DM_HOST, MAN_DB_NAME, framecmd, identifier, merant.adm.adapters.AdmDialogPropertyMgr, nav_frame, nav_...