CVE-2014-0335

Serena Dimensions CM 12.2 build 7.199.0 - XSS

Title source: llm

Description

Multiple cross-site scripting (XSS) vulnerabilities in the web client in Serena Dimensions CM 12.2 build 7.199.0 allow remote attackers to inject arbitrary web script or HTML via the (1) DB_CONN, (2) DB_NAME, (3) DM_HOST, (4) MAN_DB_NAME, (5) framecmd, (6) identifier, (7) merant.adm.adapters.AdmDialogPropertyMgr, (8) nav_frame, (9) nav_jsp, (10) target_frame, (11) id, or (12) type parameter to the dimensions/ URI.

References (1)

[US Government Resource] http://www.kb.cert.org/vuls/id/823452

Scores

EPSS 0.0071

EPSS Percentile 72.0%

Details

CWE

CWE-79

Status published

Products (2)

serena/dimensions_cm

n/a/n/a

Published Mar 06, 2014

Tracked Since Feb 18, 2026