CVE-2024-3938

The "reset password" login page accepted an HTML injection via URL parameters. This has already been rectified via patch, and as such it cannot be demonstrated via Demo site link. Those interested to see the vulnerability may spin up a http://localhost:8082/dotAdmin/#/public/login?resetEmailSent=true&resetEmail=%3Ch1%3E%3Ca%20href%3D%22https:%2F%2Fgoogle.com%22%3ECLICK%20ME%3C%2Fa%3E%3C%2Fh1%3E This will result in a view along these lines: * OWASP Top 10 - A03: Injection * CVSS Score: 5.4 * AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator * https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N&... https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator

CVSS v3 5.4 MEDIUM

5.4^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 2.5

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.dotcms.com/security/SI-71	Vendor Advisory
https://www.dotcms.com/security/SI-71	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:dotcms:dotcms::::::::
	cpe:2.3:a:dotcms:dotcms::::::::
	cpe:2.3:a:dotcms:dotcms::::::::
	cpe:2.3:a:dotcms:dotcms::::::::
	cpe:2.3:a:dotcms:dotcms:23.10.24:1:::lts:::*
	cpe:2.3:a:dotcms:dotcms:23.10.24:10:::lts:::*
	cpe:2.3:a:dotcms:dotcms:23.10.24:2:::lts:::*
	cpe:2.3:a:dotcms:dotcms:23.10.24:3:::lts:::*
	cpe:2.3:a:dotcms:dotcms:23.10.24:4:::lts:::*
	cpe:2.3:a:dotcms:dotcms:23.10.24:5:::lts:::*
	cpe:2.3:a:dotcms:dotcms:23.10.24:6:::lts:::*
	cpe:2.3:a:dotcms:dotcms:23.10.24:7:::lts:::*
	cpe:2.3:a:dotcms:dotcms:23.10.24:8:::lts:::*
	cpe:2.3:a:dotcms:dotcms:23.10.24:9:::lts:::*
	cpe:2.3:a:dotcms:dotcms:23.10.24.0::::lts:::
	cpe:2.3:a:dotcms:dotcms:24.04.24:-::::::
	cpe:2.3:a:dotcms:dotcms:24.04.24:0:::lts:::*
	cpe:2.3:a:dotcms:dotcms:24.04.24:1:::lts:::*
	cpe:2.3:a:dotcms:dotcms:24.04.24:2:::lts:::*
	cpe:2.3:a:dotcms:dotcms:24.04.24:3:::lts:::*

History

21 Nov 2024, 09:30

Type	Values Removed	Values Added
References	~~() https://www.dotcms.com/security/SI-71 - Vendor Advisory~~	() https://www.dotcms.com/security/SI-71 - Vendor Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~6.1~~	v2 : unknown v3 : 5.4

13 Aug 2024, 14:09

Type	Values Removed	Values Added
CPE		cpe:2.3:a:dotcms:dotcms:24.04.24:2:::lts:::* cpe:2.3:a:dotcms:dotcms:24.04.24:1:::lts:::* cpe:2.3:a:dotcms:dotcms:23.10.24:2:::lts:::* cpe:2.3:a:dotcms:dotcms:23.10.24:10:::lts:::* cpe:2.3:a:dotcms:dotcms:23.10.24:3:::lts:::* cpe:2.3:a:dotcms:dotcms:23.10.24:6:::lts:::* cpe:2.3:a:dotcms:dotcms:23.10.24:1:::lts:::* cpe:2.3:a:dotcms:dotcms:23.10.24:7:::lts:::* cpe:2.3:a:dotcms:dotcms:24.04.24:-:::::: cpe:2.3:a:dotcms:dotcms:23.10.24:9:::lts:::* cpe:2.3:a:dotcms:dotcms:23.10.24:8:::lts:::* cpe:2.3:a:dotcms:dotcms:24.04.24:0:::lts:::* cpe:2.3:a:dotcms:dotcms:24.04.24:3:::lts:::* cpe:2.3:a:dotcms:dotcms:23.10.24.0::::lts::: cpe:2.3:a:dotcms:dotcms:23.10.24:5:::lts:::* cpe:2.3:a:dotcms:dotcms:::::::: cpe:2.3:a:dotcms:dotcms:23.10.24:4:::lts:::*
First Time		Dotcms Dotcms dotcms
CWE		CWE-79
References	~~() https://www.dotcms.com/security/SI-71 -~~	() https://www.dotcms.com/security/SI-71 - Vendor Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~5.4~~	v2 : unknown v3 : 6.1

26 Jul 2024, 14:15

Type	Values Removed	Values Added
References	~~{'url': 'https://auth.dotcms.com/security/SI-71', 'source': 'security@dotcms.com'}~~	() https://www.dotcms.com/security/SI-71 -

26 Jul 2024, 12:38

Type	Values Removed	Values Added
Summary		(es) La página de inicio de sesión "reset password" aceptó una inyección de HTML a través de parámetros de URL. Esto ya se ha rectificado mediante un parche y, como tal, no se puede demostrar mediante el enlace del sitio de demostración. Aquellos interesados en ver la vulnerabilidad pueden activar un http://localhost:8082/dotAdmin/#/public/login?resetEmailSent=true&resetEmail=%3Ch1%3E%3Ca%20href%3D%22https:%2F%2Fgoogle.com% 22%3ECLICK%20ME%3C%2Fa%3E%3C%2Fh1%3E Esto dará como resultado una vista similar a estas líneas: * OWASP Top 10 - A03: Inyección * Puntuación CVSS: 5,4 * AV:N/AC:L/PR :N/UI:R/S:U/C:L/I:L/A:N https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator * https://nvd.nist. gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N&... https: //nvd.nist.gov/vuln-metrics/cvss/v3-calculator

25 Jul 2024, 22:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-07-25 22:15

Updated : 2024-11-21 09:30

NVD link : CVE-2024-3938

Mitre link : CVE-2024-3938

CVE.ORG link : CVE-2024-3938

JSON object : View

Products Affected

dotcms

dotcms

CWE

CWE-20

Improper Input Validation

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

{"id": "CVE-2024-3938", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security@dotcms.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 2.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2024-07-25T22:15:08.903", "references": [{"url": "https://www.dotcms.com/security/SI-71", "tags": ["Vendor Advisory"], "source": "security@dotcms.com"}, {"url": "https://www.dotcms.com/security/SI-71", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "security@dotcms.com", "description": [{"lang": "en", "value": "CWE-20"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "The \"reset password\" login page accepted an HTML injection via URL parameters.\n\nThis has already been rectified via patch, and as such it cannot be demonstrated via Demo site link. Those interested to see the vulnerability may spin up a http://localhost:8082/dotAdmin/#/public/login?resetEmailSent=true&resetEmail=%3Ch1%3E%3Ca%20href%3D%22https:%2F%2Fgoogle.com%22%3ECLICK%20ME%3C%2Fa%3E%3C%2Fh1%3E \n\nThis will result in a view along these lines:\n\n\n\n\n\n * OWASP Top 10 - A03: Injection\n * CVSS Score: 5.4\n * AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator \n * https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N&... https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator"}, {"lang": "es", "value": "La p\u00e1gina de inicio de sesi\u00f3n \"reset password\" acept\u00f3 una inyecci\u00f3n de HTML a trav\u00e9s de par\u00e1metros de URL. Esto ya se ha rectificado mediante un parche y, como tal, no se puede demostrar mediante el enlace del sitio de demostraci\u00f3n. Aquellos interesados en ver la vulnerabilidad pueden activar un http://localhost:8082/dotAdmin/#/public/login?resetEmailSent=true&resetEmail=%3Ch1%3E%3Ca%20href%3D%22https:%2F%2Fgoogle.com% 22%3ECLICK%20ME%3C%2Fa%3E%3C%2Fh1%3E Esto dar\u00e1 como resultado una vista similar a estas l\u00edneas: * OWASP Top 10 - A03: Inyecci\u00f3n * Puntuaci\u00f3n CVSS: 5,4 * AV:N/AC:L/PR :N/UI:R/S:U/C:L/I:L/A:N https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator * https://nvd.nist. gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N&... https: //nvd.nist.gov/vuln-metrics/cvss/v3-calculator"}], "lastModified": "2024-11-21T09:30:44.540", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:dotcms:dotcms:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5D8CDD8C-0F92-4218-ACDB-C3E691F928AF", "versionEndExcluding": "23.01.18", "versionStartIncluding": "5.1.5"}, {"criteria": "cpe:2.3:a:dotcms:dotcms:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E85B4224-34E8-47CD-8F08-8B129868AF1F", "versionEndIncluding": "23.09.7", "versionStartIncluding": "23.02"}, {"criteria": "cpe:2.3:a:dotcms:dotcms:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6A6601A2-B008-44C9-A7C4-1DB2D613BD14", "versionEndIncluding": "24.04.23", "versionStartIncluding": "23.12.21"}, {"criteria": "cpe:2.3:a:dotcms:dotcms:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "379748A4-D76F-4402-9A4F-E509C6735285", "versionEndExcluding": "24.05.31", "versionStartIncluding": "24.05.13"}, {"criteria": "cpe:2.3:a:dotcms:dotcms:23.10.24:1:*:*:lts:*:*:*", "vulnerable": true, "matchCriteriaId": "33DBCA2A-D4E2-4AE6-B6E0-FD0A277266F4"}, {"criteria": "cpe:2.3:a:dotcms:dotcms:23.10.24:10:*:*:lts:*:*:*", "vulnerable": true, "matchCriteriaId": "DECC3919-5044-41AF-9AAA-A964027F51C1"}, {"criteria": "cpe:2.3:a:dotcms:dotcms:23.10.24:2:*:*:lts:*:*:*", "vulnerable": true, "matchCriteriaId": "342C11DD-7760-42AE-8670-4461ECB51E4C"}, {"criteria": "cpe:2.3:a:dotcms:dotcms:23.10.24:3:*:*:lts:*:*:*", "vulnerable": true, "matchCriteriaId": "90B73A81-7202-4B0B-822B-4F2EE4480663"}, {"criteria": "cpe:2.3:a:dotcms:dotcms:23.10.24:4:*:*:lts:*:*:*", "vulnerable": true, "matchCriteriaId": "0BFA7220-B846-451B-A7B2-C3DC87767575"}, {"criteria": "cpe:2.3:a:dotcms:dotcms:23.10.24:5:*:*:lts:*:*:*", "vulnerable": true, "matchCriteriaId": "258813CA-66A7-4DCA-883D-884FB88430DC"}, {"criteria": "cpe:2.3:a:dotcms:dotcms:23.10.24:6:*:*:lts:*:*:*", "vulnerable": true, "matchCriteriaId": "E69C8B72-A38C-4D97-83BB-DCE392D3ABD0"}, {"criteria": "cpe:2.3:a:dotcms:dotcms:23.10.24:7:*:*:lts:*:*:*", "vulnerable": true, "matchCriteriaId": "B5309F19-2D65-4E87-87FD-2A0294008FF5"}, {"criteria": "cpe:2.3:a:dotcms:dotcms:23.10.24:8:*:*:lts:*:*:*", "vulnerable": true, "matchCriteriaId": "CBAEE45C-234C-4E5C-86CF-4F71A457D6F7"}, {"criteria": "cpe:2.3:a:dotcms:dotcms:23.10.24:9:*:*:lts:*:*:*", "vulnerable": true, "matchCriteriaId": "FD553D7C-158F-489D-8C4C-8E2E056D52BA"}, {"criteria": "cpe:2.3:a:dotcms:dotcms:23.10.24.0:*:*:*:lts:*:*:*", "vulnerable": true, "matchCriteriaId": "9692C9DB-6111-4EE6-8DE8-1614DF87F365"}, {"criteria": "cpe:2.3:a:dotcms:dotcms:24.04.24:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EB1AD7A4-1F60-493C-8BB2-E13F44F3CCD6"}, {"criteria": "cpe:2.3:a:dotcms:dotcms:24.04.24:0:*:*:lts:*:*:*", "vulnerable": true, "matchCriteriaId": "EE62FB6F-DB41-47B4-B8F7-0B9C887781D5"}, {"criteria": "cpe:2.3:a:dotcms:dotcms:24.04.24:1:*:*:lts:*:*:*", "vulnerable": true, "matchCriteriaId": "395197BB-2613-43BA-9223-195461F993D3"}, {"criteria": "cpe:2.3:a:dotcms:dotcms:24.04.24:2:*:*:lts:*:*:*", "vulnerable": true, "matchCriteriaId": "72350E82-5B73-41A9-B3F1-8CA7BF389897"}, {"criteria": "cpe:2.3:a:dotcms:dotcms:24.04.24:3:*:*:lts:*:*:*", "vulnerable": true, "matchCriteriaId": "478A668F-DD76-4C0C-A444-A760C1AA5623"}], "operator": "OR"}]}], "sourceIdentifier": "security@dotcms.com"}

5.4 /10