Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in the web client in Serena Dimensions CM 12.2 build 7.199.0 allow remote attackers to inject arbitrary web script or HTML via the (1) DB_CONN, (2) DB_NAME, (3) DM_HOST, (4) MAN_DB_NAME, (5) framecmd, (6) identifier, (7) merant.adm.adapters.AdmDialogPropertyMgr, (8) nav_frame, (9) nav_jsp, (10) target_frame, (11) id, or (12) type parameter to the dimensions/ URI.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Serena Dimensions CM 多个跨站脚本漏洞
Vulnerability Description
Serena Dimensions CM是美国Serena软件公司的一套一体化ALM(应用生命周期管理)解决方案。该方案主要用于定义、管理、变更、配置、发布和报告项目生命周期中的需求。 Serena Dimensions CM 12.2 build 7.199.0版本中的Web客户端存在多个跨站脚本漏洞,这些漏洞源于dimensions/ URI没有正确验证多个参数(包括:DB_CONN,DB_NAME,DM_HOST,MAN_DB_NAME,framecmd,identifier,merant.adm.
CVSS Information
N/A
Vulnerability Type
N/A