CVE-2013-3484

{"id": "CVE-2013-3484", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2014-04-02T16:17:06.837", "references": [{"url": "http://dotcms.com/security/SI-14", "tags": ["Exploit", "Vendor Advisory"], "source": "PSIRT-CNA@flexerasoftware.com"}, {"url": "http://secunia.com/advisories/53265", "tags": ["Vendor Advisory"], "source": "PSIRT-CNA@flexerasoftware.com"}, {"url": "https://github.com/dotCMS/dotCMS/issues/2949", "source": "PSIRT-CNA@flexerasoftware.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in dotCMS before 2.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) _loginUserName parameter to application/login/login.html, (2) my_account_login parameter to c/portal_public/login, or (3) email parameter to forgotPassword."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de XSS en dotCMS anterior a 2.3.2 permiten a atacantes remotos inyectar script Web o HTML arbitrarios a trav\u00e9s del (1) par\u00e1metro _loginUserName hacia application/login/login.html, (2) par\u00e1metro my_account_login hacia c/portal_public/login o (3) par\u00e1metro email hacia forgotPassword."}], "lastModified": "2014-04-03T15:13:30.847", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:dotcms:dotcms:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "80A56156-7AFC-48A7-AF7F-9963A87E5ED4", "versionEndIncluding": "2.3.1"}, {"criteria": "cpe:2.3:a:dotcms:dotcms:1.9.5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B65D0FCA-6BE7-46E1-AE24-86BFEA79D2E8"}, {"criteria": "cpe:2.3:a:dotcms:dotcms:2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6EF64AEE-4972-4191-9377-EC0CF8DB986B"}, {"criteria": "cpe:2.3:a:dotcms:dotcms:2.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EDF66201-ED3F-4CF3-B009-6109D0EFB515"}, {"criteria": "cpe:2.3:a:dotcms:dotcms:2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "420424CF-4464-4556-A229-27DAD6896206"}, {"criteria": "cpe:2.3:a:dotcms:dotcms:2.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2E8548B4-26AC-4491-BEAE-F05AFBD014C0"}, {"criteria": "cpe:2.3:a:dotcms:dotcms:2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F0EA0C69-F2D1-4E37-852D-1CDC7805584F"}, {"criteria": "cpe:2.3:a:dotcms:dotcms:2.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7C4DE8A1-3E0C-46EE-BF31-4D1A1A4A95ED"}, {"criteria": "cpe:2.3:a:dotcms:dotcms:2.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D300E3B6-5AEE-48FC-BE41-8B149D3C00E3"}], "operator": "OR"}]}], "sourceIdentifier": "PSIRT-CNA@flexerasoftware.com"}