CVE-2014-0335 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in the web client in Serena Dimensions CM 12.2 build 7.199.0 allow remote attackers to inject arbitrary web script or HTML via the (1) DB_CONN (2) DB_NAME (3) DM_HOST (4) MAN_DB_NAME (5) framecmd (6) identifier (7) merant.adm.adapters.AdmDialogPropertyMgr (8) nav_frame (9) nav_jsp (10) target_frame (11) id or (12) type parameter to the dimensions/ URI.

Reference

http://www.kb.cert.org/vuls/id/823452