CVE-2014-0335
Last modified
CVE-2014-0335 is a vulnerability of currently unknown severity. Multiple cross-site scripting (XSS) vulnerabilities in the web client in Serena Dimensions CM 12.2 build 7.199.0 allow remote attackers to inject arbitrary web script or HTML via the (1) DB_CONN, (2) DB_NAME, (3) DM_HOST, (4) MAN_DB_NAME, (5) framecmd, (6) identifier, (7) merant.adm.adapters.AdmDialogPropertyMgr, (8) nav_frame, (9) nav_jsp, (10) target_frame, (11) id, or (12) type parameter to the dimensions/ URI. EPSS estimates a 1.14% chance of exploitation in the next 30 days.
Description
Multiple cross-site scripting (XSS) vulnerabilities in the web client in Serena Dimensions CM 12.2 build 7.199.0 allow remote attackers to inject arbitrary web script or HTML via the (1) DB_CONN, (2) DB_NAME, (3) DM_HOST, (4) MAN_DB_NAME, (5) framecmd, (6) identifier, (7) merant.adm.adapters.AdmDialogPropertyMgr, (8) nav_frame, (9) nav_jsp, (10) target_frame, (11) id, or (12) type parameter to the dimensions/ URI.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Serena | Dimensions CM | 12.2 | Build 7.199.0 |
References
- http://www.kb.cert.org/vuls/id/823452 (US Government Resource)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
