CVE-2014-0335 in Dimensions CMinfo

Summary

Multiple cross-site scripting (XSS) vulnerabilities in the web client in Serena Dimensions CM 12.2 build 7.199.0 allow remote attackers to inject arbitrary web script or HTML via the (1) DB_CONN, (2) DB_NAME, (3) DM_HOST, (4) MAN_DB_NAME, (5) framecmd, (6) identifier, (7) merant.adm.adapters.AdmDialogPropertyMgr, (8) nav_frame, (9) nav_jsp, (10) target_frame, (11) id, or (12) type parameter to the dimensions/ URI.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Reservation

12/05/2013

Disclosure

03/06/2014

Moderation

VulDB entry created

Entries

VDB-66544 (1)

CPE

ready

CWE

CWE-79 (Confirmed)

CVSS

4.3

EPSS

0.00708

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2014-0335
NVD	https://nvd.nist.gov/vuln/detail/CVE-2014-0335
CVE Details	https://www.cvedetails.com/cve/CVE-2014-0335/

◂ Previous Overview Next ▸

Do you know our Splunk app?

Download it now for free!