CVE-2013-3484

Dotcms < 2.3.1 - XSS

Title source: rule

Description

Multiple cross-site scripting (XSS) vulnerabilities in dotCMS before 2.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) _loginUserName parameter to application/login/login.html, (2) my_account_login parameter to c/portal_public/login, or (3) email parameter to forgotPassword.

References (3)

[Exploit, Vendor Advisory] http://dotcms.com/security/SI-14

[Vendor Advisory] http://secunia.com/advisories/53265

[Issue Tracking] https://github.com/dotCMS/dotCMS/issues/2949

Scores

EPSS 0.0032

EPSS Percentile 55.0%

Details

CWE

CWE-79

Status published

Products (10)

dotcms/dotcms < 2.3.1

dotcms/dotcms

n/a/n/a

Published Apr 02, 2014

Tracked Since Feb 18, 2026