{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-07-02T08:44:36.037","vulnerabilities":[{"cve":{"id":"CVE-2024-3938","sourceIdentifier":"security@dotcms.com","published":"2024-07-25T22:15:08.903","lastModified":"2026-06-17T07:45:30.980","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The \"reset password\" login page accepted an HTML injection via URL parameters.\n\nThis has already been rectified via patch, and as such it cannot be demonstrated via Demo site link. Those interested to see the vulnerability may spin up a  http://localhost:8082/dotAdmin/#/public/login?resetEmailSent=true&resetEmail=%3Ch1%3E%3Ca%20href%3D%22https:%2F%2Fgoogle.com%22%3ECLICK%20ME%3C%2Fa%3E%3C%2Fh1%3E \n\nThis will result in a view along these lines:\n\n\n\n\n\n  *  OWASP Top 10 - A03: Injection\n  *  CVSS Score: 5.4\n  *   AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator \n  *   https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N&... https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator"},{"lang":"es","value":"La página de inicio de sesión \"reset password\" aceptó una inyección de HTML a través de parámetros de URL. Esto ya se ha rectificado mediante un parche y, como tal, no se puede demostrar mediante el enlace del sitio de demostración. Aquellos interesados en ver la vulnerabilidad pueden activar un http://localhost:8082/dotAdmin/#/public/login?resetEmailSent=true&amp;resetEmail=%3Ch1%3E%3Ca%20href%3D%22https:%2F%2Fgoogle.com% 22%3ECLICK%20ME%3C%2Fa%3E%3C%2Fh1%3E Esto dará como resultado una vista similar a estas líneas: * OWASP Top 10 - A03: Inyección * Puntuación CVSS: 5,4 * AV:N/AC:L/PR :N/UI:R/S:U/C:L/I:L/A:N https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator * https://nvd.nist. gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N&amp;... https: //nvd.nist.gov/vuln-metrics/cvss/v3-calculator"}],"affected":[{"source":"security@dotcms.com","affectedData":[{"vendor":"dotCMS","product":"dotCMS core","defaultStatus":"unaffected","versions":[{"version":"5.1.5 and after","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@dotcms.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.5},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2024-07-26T17:33:18.822280Z","id":"CVE-2024-3938","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@dotcms.com","type":"Secondary","description":[{"lang":"en","value":"CWE-20"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:dotcms:dotcms:*:*:*:*:*:*:*:*","versionStartIncluding":"5.1.5","versionEndExcluding":"23.01.18","matchCriteriaId":"5D8CDD8C-0F92-4218-ACDB-C3E691F928AF"},{"vulnerable":true,"criteria":"cpe:2.3:a:dotcms:dotcms:*:*:*:*:*:*:*:*","versionStartIncluding":"23.02","versionEndIncluding":"23.09.7","matchCriteriaId":"E85B4224-34E8-47CD-8F08-8B129868AF1F"},{"vulnerable":true,"criteria":"cpe:2.3:a:dotcms:dotcms:*:*:*:*:*:*:*:*","versionStartIncluding":"23.12.21","versionEndIncluding":"24.04.23","matchCriteriaId":"6A6601A2-B008-44C9-A7C4-1DB2D613BD14"},{"vulnerable":true,"criteria":"cpe:2.3:a:dotcms:dotcms:*:*:*:*:*:*:*:*","versionStartIncluding":"24.05.13","versionEndExcluding":"24.05.31","matchCriteriaId":"379748A4-D76F-4402-9A4F-E509C6735285"},{"vulnerable":true,"criteria":"cpe:2.3:a:dotcms:dotcms:23.10.24:1:*:*:lts:*:*:*","matchCriteriaId":"33DBCA2A-D4E2-4AE6-B6E0-FD0A277266F4"},{"vulnerable":true,"criteria":"cpe:2.3:a:dotcms:dotcms:23.10.24:10:*:*:lts:*:*:*","matchCriteriaId":"DECC3919-5044-41AF-9AAA-A964027F51C1"},{"vulnerable":true,"criteria":"cpe:2.3:a:dotcms:dotcms:23.10.24:2:*:*:lts:*:*:*","matchCriteriaId":"342C11DD-7760-42AE-8670-4461ECB51E4C"},{"vulnerable":true,"criteria":"cpe:2.3:a:dotcms:dotcms:23.10.24:3:*:*:lts:*:*:*","matchCriteriaId":"90B73A81-7202-4B0B-822B-4F2EE4480663"},{"vulnerable":true,"criteria":"cpe:2.3:a:dotcms:dotcms:23.10.24:4:*:*:lts:*:*:*","matchCriteriaId":"0BFA7220-B846-451B-A7B2-C3DC87767575"},{"vulnerable":true,"criteria":"cpe:2.3:a:dotcms:dotcms:23.10.24:5:*:*:lts:*:*:*","matchCriteriaId":"258813CA-66A7-4DCA-883D-884FB88430DC"},{"vulnerable":true,"criteria":"cpe:2.3:a:dotcms:dotcms:23.10.24:6:*:*:lts:*:*:*","matchCriteriaId":"E69C8B72-A38C-4D97-83BB-DCE392D3ABD0"},{"vulnerable":true,"criteria":"cpe:2.3:a:dotcms:dotcms:23.10.24:7:*:*:lts:*:*:*","matchCriteriaId":"B5309F19-2D65-4E87-87FD-2A0294008FF5"},{"vulnerable":true,"criteria":"cpe:2.3:a:dotcms:dotcms:23.10.24:8:*:*:lts:*:*:*","matchCriteriaId":"CBAEE45C-234C-4E5C-86CF-4F71A457D6F7"},{"vulnerable":true,"criteria":"cpe:2.3:a:dotcms:dotcms:23.10.24:9:*:*:lts:*:*:*","matchCriteriaId":"FD553D7C-158F-489D-8C4C-8E2E056D52BA"},{"vulnerable":true,"criteria":"cpe:2.3:a:dotcms:dotcms:23.10.24.0:*:*:*:lts:*:*:*","matchCriteriaId":"9692C9DB-6111-4EE6-8DE8-1614DF87F365"},{"vulnerable":true,"criteria":"cpe:2.3:a:dotcms:dotcms:24.04.24:-:*:*:*:*:*:*","matchCriteriaId":"EB1AD7A4-1F60-493C-8BB2-E13F44F3CCD6"},{"vulnerable":true,"criteria":"cpe:2.3:a:dotcms:dotcms:24.04.24:0:*:*:lts:*:*:*","matchCriteriaId":"EE62FB6F-DB41-47B4-B8F7-0B9C887781D5"},{"vulnerable":true,"criteria":"cpe:2.3:a:dotcms:dotcms:24.04.24:1:*:*:lts:*:*:*","matchCriteriaId":"395197BB-2613-43BA-9223-195461F993D3"},{"vulnerable":true,"criteria":"cpe:2.3:a:dotcms:dotcms:24.04.24:2:*:*:lts:*:*:*","matchCriteriaId":"72350E82-5B73-41A9-B3F1-8CA7BF389897"},{"vulnerable":true,"criteria":"cpe:2.3:a:dotcms:dotcms:24.04.24:3:*:*:lts:*:*:*","matchCriteriaId":"478A668F-DD76-4C0C-A444-A760C1AA5623"}]}]}],"references":[{"url":"https://www.dotcms.com/security/SI-71","source":"security@dotcms.com","tags":["Vendor Advisory"]},{"url":"https://www.dotcms.com/security/SI-71","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}