CVE-2024-3938

The "reset password" login page accepted an HTML injection via URL parameters.

This has already been rectified via patch, and as such it cannot be demonstrated via Demo site link. Those interested to see the vulnerability may spin up a http://localhost:8082/dotAdmin/#/public/login?resetEmailSent=true&resetEmail=%3Ch1%3E%3Ca%20href%3D%22https:%2F%2Fgoogle.com%22%3ECLICK%20ME%3C%2Fa%3E%3C%2Fh1%3E

This will result in a view along these lines:

OWASP Top 10 - A03: Injection
CVSS Score: 5.4
AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator
https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N&... https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator

Published: Jul 26, 2024
Updated: Aug 14, 2024
CVE: CVE-2024-3938
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.1
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
dotcms / dotcms	23.10.24-2	23.10.24-2.x
dotcms / dotcms	23.10.24-3	23.10.24-3.x
dotcms / dotcms	23.10.24-4	23.10.24-4.x
dotcms / dotcms	23.10.24-5	23.10.24-5.x
dotcms / dotcms	23.10.24-6	23.10.24-6.x
dotcms / dotcms	23.10.24-7	23.10.24-7.x
dotcms / dotcms	23.10.24-8	23.10.24-8.x
dotcms / dotcms	23.10.24-9	23.10.24-9.x
dotcms / dotcms	23.10.24-10	23.10.24-10.x
dotcms / dotcms	23.10.24-1	23.10.24-1.x
dotcms / dotcms	23.10.24.0	23.10.24.0.x
dotcms / dotcms	23.02	23.09.7.x
dotcms / dotcms	5.1.5	23.01.18
dotcms / dotcms	24.04.24	24.04.24.x
dotcms / dotcms	24.04.24-1	24.04.24-1.x
dotcms / dotcms	24.04.24-2	24.04.24-2.x
dotcms / dotcms	24.04.24-3	24.04.24-3.x
dotcms / dotcms	23.12.21	24.04.23.x
dotcms / dotcms	24.05.13	24.05.31

Vulnerability Database

CVE-2024-3938

Deep Security Visibility Without the Complexity