{
  "affected": [
    {
      "ranges": [
        {
          "database_specific": {
            "versions": [
              {
                "introduced": "5.1.5"
              },
              {
                "fixed": "23.01.18"
              },
              {
                "introduced": "23.02"
              },
              {
                "last_affected": "23.09.7"
              },
              {
                "introduced": "23.12.21"
              },
              {
                "last_affected": "24.04.23"
              },
              {
                "introduced": "24.05.13"
              },
              {
                "fixed": "24.05.31"
              },
              {
                "introduced": "0"
              },
              {
                "last_affected": "23.10.24-1"
              },
              {
                "introduced": "0"
              },
              {
                "last_affected": "23.10.24-10"
              },
              {
                "introduced": "0"
              },
              {
                "last_affected": "23.10.24-2"
              },
              {
                "introduced": "0"
              },
              {
                "last_affected": "23.10.24-3"
              },
              {
                "introduced": "0"
              },
              {
                "last_affected": "23.10.24-4"
              },
              {
                "introduced": "0"
              },
              {
                "last_affected": "23.10.24-5"
              },
              {
                "introduced": "0"
              },
              {
                "last_affected": "23.10.24-6"
              },
              {
                "introduced": "0"
              },
              {
                "last_affected": "23.10.24-7"
              },
              {
                "introduced": "0"
              },
              {
                "last_affected": "23.10.24-8"
              },
              {
                "introduced": "0"
              },
              {
                "last_affected": "23.10.24-9"
              },
              {
                "introduced": "0"
              },
              {
                "last_affected": "23.10.24.0"
              },
              {
                "introduced": "0"
              },
              {
                "last_affected": "24.04.24-NA"
              },
              {
                "introduced": "0"
              },
              {
                "last_affected": "24.04.24-0"
              },
              {
                "introduced": "0"
              },
              {
                "last_affected": "24.04.24-1"
              },
              {
                "introduced": "0"
              },
              {
                "last_affected": "24.04.24-2"
              },
              {
                "introduced": "0"
              },
              {
                "last_affected": "24.04.24-3"
              }
            ]
          },
          "events": [
            {
              "introduced": "ecc5abc7d7615e24c083c41483319e34243211a0"
            },
            {
              "fixed": "976f31730557c1e3f120ee85710e621cfa6c06a9"
            },
            {
              "introduced": "3feb6fa6ebdcf1509252fbf9ee7e53017c8bf96f"
            },
            {
              "last_affected": "20de9e9f791d40b6655c3cd506d74fce8fcb4f2d"
            },
            {
              "introduced": "1122a5760e412966e13d35f75436cb6fcd6f5d60"
            },
            {
              "last_affected": "703fb5c3d30f99779a10e0f7a1543c17033becd1"
            },
            {
              "introduced": "cc91f975b70b3f77a1b28c51ef504b965baf2896"
            },
            {
              "fixed": "8fac77cf07a65bbd0780f4f029b70d23eee02f5c"
            },
            {
              "introduced": "0"
            },
            {
              "last_affected": "e32f4c872fbd0576ce4587aacaa26cc2995b9ce5"
            },
            {
              "introduced": "0"
            },
            {
              "last_affected": "449022e9c932f0500b8bcba3370740feba87c852"
            },
            {
              "introduced": "0"
            },
            {
              "last_affected": "5374aed6949aa5c6dbac269cc3944c7b79ee0d78"
            },
            {
              "introduced": "0"
            },
            {
              "last_affected": "f02f738fbdb827a4313caac9f376dd16af957fbe"
            },
            {
              "introduced": "0"
            },
            {
              "last_affected": "4ce542de6e940eeb0ced492d69f33fba39c984f2"
            },
            {
              "introduced": "0"
            },
            {
              "last_affected": "2457af35bdc9710d66bc5bf10c34004d104ed5bd"
            },
            {
              "introduced": "0"
            },
            {
              "last_affected": "e26d237d61c9cf0691cb8f093c6c08ee5b47a924"
            },
            {
              "introduced": "0"
            },
            {
              "last_affected": "c5e93f4fd71de3c021ba5cee5b2ffb1b6cbd414f"
            },
            {
              "introduced": "0"
            },
            {
              "last_affected": "1297bb256ca306e00a037b7766644f33cac75cfa"
            },
            {
              "introduced": "0"
            },
            {
              "last_affected": "2be63a56ad7536b23c996adb8f5ea346a9eb5cd1"
            },
            {
              "introduced": "0"
            },
            {
              "last_affected": "faa050464e2bec249af93a7d5c6dbbece123ef27"
            },
            {
              "introduced": "0"
            },
            {
              "last_affected": "a53d05b1f6539db84b140116be4a67af0a7d1950"
            },
            {
              "introduced": "0"
            },
            {
              "last_affected": "d169c8c5baaec246e0bd6d6ab880e0517802d9f1"
            },
            {
              "introduced": "0"
            },
            {
              "last_affected": "2030eb1b178f62713374e0ff7e87caacf7bc1b4c"
            },
            {
              "introduced": "0"
            },
            {
              "last_affected": "423defe5d27d9499c805c5aa7c582a8fbeb58e4f"
            },
            {
              "introduced": "0"
            },
            {
              "last_affected": "de4c9e76227dcd1f6f885d52077f741de4d4de0c"
            }
          ],
          "repo": "https://github.com/dotcms/core",
          "type": "GIT"
        }
      ]
    }
  ],
  "details": "The \"reset password\" login page accepted HTML injection via URL parameters.\n\nThis has already been fixed by a patch, so it cannot be demonstrated through the demo site link. Those interested in seeing the vulnerability may spin up a local instance of an affected version and open: http://localhost:8082/dotAdmin/#/public/login?resetEmailSent=true\u0026resetEmail=%3Ch1%3E%3Ca%20href%3D%22https:%2F%2Fgoogle.com%22%3ECLICK%20ME%3C%2Fa%3E%3C%2Fh1%3E \n\nThis will result in a view along these lines:\n\n\n\n\n\n  *  OWASP Top 10 - A03: Injection\n  *  CVSS Score: 5.4\n  *   AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator \n  *   https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N\u0026... https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator\n\nNote: the vector quoted above uses S:U (scope unchanged), whereas this record's severity field lists S:C (scope changed); check the vendor advisory for the authoritative vector before using either for prioritisation.",
  "id": "CVE-2024-3938",
  "modified": "2026-03-13T21:52:34.190411730Z",
  "published": "2024-07-25T22:15:08.903Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://www.dotcms.com/security/SI-71"
    }
  ],
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}