Vulnerabilities > Dotcms > Dotcms > 24.04.24

DATE CVE VULNERABILITY TITLE RISK
2024-07-25 CVE-2024-3938 Cross-site Scripting vulnerability in Dotcms
The "reset password" login page accepted an HTML injection via URL parameters. This has already been rectified via patch, and as such it cannot be demonstrated via Demo site link.
network
low complexity
dotcms CWE-79
6.1
6.1