CVE-2024-3938
https://notcve.org/view.php?id=CVE-2024-3938
The "reset password" login page accepted an HTML injection via URL parameters. This has already been rectified via patch, and as such it cannot be demonstrated via Demo site link. Those interested to see the vulnerability may spin up a http://localhost:8082/dotAdmin/#/public/login?resetEmailSent=true&resetEmail=%3Ch1%3E%3Ca%20href%3D%22https:%2F%2Fgoogle.com%22%3ECLICK%20ME%3C%2Fa%3E%3C%2Fh1%3E This will result in a view along these lines: * OWASP Top 10 - A03: Injection * CVSS Score: 5.4 * AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator * https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N&... https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator • https://www.dotcms.com/security/SI-71 • CWE-20: Improper Input Validation •
CVE-2022-37034
https://notcve.org/view.php?id=CVE-2022-37034
In dotCMS 5.x-22.06, it is possible to call the TempResource multiple times, each time requesting the dotCMS server to download a large file. If done repeatedly, this will result in Tomcat request-thread exhaustion and ultimately a denial of any other requests. • https://www.dotcms.com/security/SI-65 • CWE-674: Uncontrolled Recursion •
CVE-2022-37033
https://notcve.org/view.php?id=CVE-2022-37033
In dotCMS 5.x-22.06, TempFileAPI allows a user to create a temporary file based on a passed in URL, while attempting to block any SSRF access to local IP addresses or private subnets. In resolving this URL, the TempFileAPI follows any 302 redirects that the remote URL returns. Because there is no re-validation of the redirect URL, the TempFileAPI can be used to return data from those local/private hosts that should not be accessible remotely. • https://www.dotcms.com/security/SI-64 • CWE-918: Server-Side Request Forgery (SSRF) •
CVE-2022-45783
https://notcve.org/view.php?id=CVE-2022-45783
An issue was discovered in dotCMS core 4.x through 22.10.2. An authenticated directory traversal vulnerability in the dotCMS API can lead to Remote Code Execution. • https://www.dotcms.com/security/SI-67 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2022-37431
https://notcve.org/view.php?id=CVE-2022-37431
A Reflected Cross-site scripting (XSS) issue was discovered in dotCMS Core through 22.06. This occurs in the admin portal when the configuration has XSS_PROTECTION_ENABLED=false. NOTE: the vendor disputes this because the current product behavior, in effect, has XSS_PROTECTION_ENABLED=true in all configurations ** EN DISPUTA ** Se ha detectado un problema de tipo Cross-site scripting (XSS) Reflejado en dotCMS Core versiones hasta 22.06. Esto ocurre en el portal de administración cuando la configuración presenta XSS_PROTECTION_ENABLED=false. NOTA: el proveedor discute esto porque el comportamiento actual del producto, en efecto, tiene XSS_PROTECTION_ENABLED=true en todas las configuraciones • https://fortiguard.fortinet.com/zeroday/FG-VD-22-062 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •