CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2014-0335

Multiple cross-site scripting (XSS) vulnerabilities in the web client in Serena Dimensions CM 12.2 build 7.199.0 allow remote attackers to inject arbitrary web script or HTML via the (1) DB_CONN, (2) DB_NAME, (3) DM_HOST, (4) MAN_DB_NAME, (5) framecmd, (6) identifier, (7) merant.adm.adapters.AdmDialogPropertyMgr, (8) nav_frame, (9) nav_jsp, (10) target_frame, (11) id, or (12) type parameter to the dimensions/ URI.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.006

EPSS Ranking 68.2%

CVSS Severity

CVSS v2 Score 4.3

References

http://www.kb.cert.org/vuls/id/823452
http://www.kb.cert.org/vuls/id/823452

Products affected by CVE-2014-0335

Serena » Dimensions Cm » Version: 12.2

cpe:2.3:a:serena:dimensions_cm:12.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2014-0335

Products

Pricing

Contact Us