CVE-2024-3938

MEDIUM

dotcms 5.1.5-23.01.18 - HTML Injection via Reset Password URL Parameter

Title source: llm

Description

The "reset password" login page accepted an HTML injection via URL parameters. This has already been rectified via patch, and as such it cannot be demonstrated via Demo site link. Those interested to see the vulnerability may spin up a http://localhost:8082/dotAdmin/#/public/login?resetEmailSent=true&resetEmail=%3Ch1%3E%3Ca%20href%3D%22https:%2F%2Fgoogle.com%22%3ECLICK%20ME%3C%2Fa%3E%3C%2Fh1%3E This will result in a view along these lines: * OWASP Top 10 - A03: Injection * CVSS Score: 5.4 * AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator * https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N&... https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator

References (1)

Core 1

Core References

Vendor Advisory

https://www.dotcms.com/security/SI-71

Scores

CVSS v3 5.4

EPSS 0.0024

EPSS Percentile 14.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-20 CWE-79

Status published

Products (4)

dotcms/dotcms 23.10.24 1 (10 CPE variants)

dotcms/dotcms 23.10.24.0

dotcms/dotcms 24.04.24 (5 CPE variants)

dotcms/dotcms 5.1.5 - 23.01.18

Published Jul 25, 2024

Tracked Since Feb 18, 2026